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Abstract 

This  paper  studies  the  stability  and  stabilizability  of  Discrete  Event  Dynamical  Systems 
(DEDS’s)  modeled  by  state  machines.  We  define  stability  and  stabilizability  in  terms  of  the 
behavior  of  the  DEDS’s,  i.e.  the  language  generated  by  the  state  machines  (SM’s).  This 
generalizes  earlier  work  where  they  were  defined  in  terms  of  legal  and  illegal  states  rather 
than  strings.  The  notion  of  reversal  of  languages  is  used  to  obtain  algorithms  for  determining 
the  stability  and  stabilizability  of  a  given  system.  The  notion  of  stability  is  then  generalized 
to  define  the  stability  of  infinite  or  sequential  behavior  of  a  DEDS  modeled  by  a  Buchi 
automaton.  The  relationship  between  the  stability  of  finite  and  stability  of  infinite  behavior 
is  obtained  and  a  test  for  stability  of  infinite  behavior  is  obtained  in  terms  of  the  test  for 
stability  of  finite  behavior.  We  present  an  algorithm  of  linear  complexity  for  computing  the 
regions  of  attraction,  which  is  used  for  determining  the  stability  and  stabilizability  of  a  given 
system  defined  in  terms  of  legal  states.  This  algorithm  is  then  used  to  obtain  efficient  tests 
for  checking  sufficient  conditions  for  language  stability  and  stabilizability. 

Keywords:  Discrete  Event  Dynamical  Systems,  Automata  Theory,  Supervisory  Control, 
Stability,  Stabilizability 
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1  Introduction 


Ramadge  and  Wonham  in  their  work  [21]  on  supervisory  control  of  discrete  event  dyna¬ 
mical  systems  (DEDS)  have  modeled  a  DEDS,  also  called  a  plant,  by  a  State  Machine  (SM), 
the  event  set  of  which  is  finite  and  is  partitioned  into  sets  of  controllable  and  uncontrollable 
events.  The  language  generated  by  such  a  SM  is  used  as  a  model  to  describe  the  behavior 
of  the  plant  at  the  logical  level.  The  control  task  is  to  synthesize  of  a  controller,  also  called 
a  supervisor,  which  disables  some  of  the  controllable  events  in  the  plant  so  that  the  closed 
loop  behavior  equals  some  prespecified  desired  behavior,  also  called  legal  behavior.  Supervi¬ 
sors  which  do  not  prevent  any  uncontrollable  events  from  occurring  are  are  called  complete. 
Thus  there  may  not  always  exist  a  complete  supervisor  so  that  the  closed  loop  system  has  a 
prespecified  desired  behavior.  Attention  is  then  restricted  to  designing  a  complete  supervisor 
that  is  minimally  restrictive  [21,  20,  10,  1,  11]  so  that  the  closed  loop  system  can  engage  in 
some  maximal  behavior  and  still  maintain  the  prescribed  behavioral  constraint.  Thus  the 
control  objective  is  usually  described  as  the  synthesis  of  a  minimally  restrictive  supervisor 
so  that  the  controlled  system  has  a  maximally  permissive  legal  behavior. 

Sometimes  such  a  constraint  on  the  system  behavior  leads  to  the  design  of  a  supervisor 
which  results  in  a  very  restrictive  behavior  [14,  15].  Recently  there  has  been  work  [14,  15] 
on  posing  a  supervisory  control  problem  that  allows  the  system  to  engage  in  some  illegal 
behavior  which  can  be  tolerated.  In  this  paper,  we  also  allow  the  possibility  of  the  system 
behaving  illegally.  The  supervisor  is  synthesized  so  that  the  behavior  of  the  supervised 
system  is  ‘‘asymptotically  legal”.  In  other  words,  the  system  is  initially  allowed  to  make 
illegal  transitions  but  after  a  finite  number  of  transitions  the  supervised  system  makes  only 
legal  transitions.  With  the  above  motivation,  we  define  the  stability  and  stabilizability  of 
DEDS’s  in  terms  of  their  legal  behavior. 

In  [16,  18,  2,  4,  3]  the  notion  of  stability  and  stabilizability  of  DEDS’s  has  been  presented 
in  terms  of  the  legal  and  illegal  states  of  the  system.  In  [2,  3]  a  stable  system  is  one  that 
starts  from  any  arbitrary  initial  state  and  after  finitely  many  transitions  goes  to  one  of  the 
legal  states,  and  stays  there;  a  stabilizable  system  is  one  for  which  there  exists  a  supervisor 
so  that  the  supervised  system  is  stable.  In  [18]  a  system  is  said  to  be  stable  if  after  starting 
from  any  arbitrary  initial  state  it  visits  the  legal  subset  of  states  infinitely  often;  a  system 
that  can  be  made  stable  in  the  above  context  by  the  synthesis  of  an  appropriate  supervisor 
is  called  stabilizable.  We  define  a  system  to  be  language-stable1,  if  its  eventual  behavior 
remains  confined  to  the  legal  behavior;  if  a  supervisor  exists  such  that  the  supervised  system 
is  language-stable,  then  the  system  is  called  language-stabilizable.  We  show  below  that  the 
existence  of  an  eventually  reachable  legal  set  of  states  implies  the  existence  of  an  eventually 
reachable  legal  behavior,  whereas  the  converse  is  not  always  true.  Thus  the  notion  of  stability 
presented  here  is  finer  than  those  in  [18,  2,  3]  in  the  sense  that  there  need  not  exist  any  fixed 
set  of  legal  states.  A  state  can  eventually  be  reached  by  legal  as  well  as  illegal  strings,  so 
none  of  the  states  can  be  predefined  to  be  legal.  In  order  to  illustrate  this  point  consider  for 

1We  use  the  term  language-stability  to  emphasize  the  fact  that  it  is  defined  in  terms  of  legal  behavior 
rather  than  legal  states  in  which  case  it  may  be  called  state-stability 
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example  an  elevator  which  moves  between  three  floors  -  bottom,  middle  and  top.  Assume 
that  a  passenger  requests  service  at  the  top  floor.  We  can  view  the  top  floor  to  be  the  legal 
state,  and  require  that  the  elevator  should  eventually  reach  it.  However,  a  “finer”  constraint 
that  the  elevator  should  reach  the  top  floor  in  no  more  than  two  moves  (there  are  total  three 
floors)  may  be  desired.  In  this  case  the  top  floor  may  be  reached  by  legal  as  well  as  illegal 
sequence  of  moves  of  the  elevator.  Thus  in  this  example  the  stability  based  on  legal  states 
cannot  capture  the  desired  behavior  of  the  elevator. 

In  [18,  2,  3],  the  supervisors  considered  for  stabilizing  a  system  are  assumed  to  be  of 
static  feedback  type  in  which  the  next  control  action  is  determined  by  the  current  state  of 
the  system.  In  general  a  supervisor  can  be  of  dynamic  feedback  type  where  the  next  control 
action  is  determined  not  necessarily  by  the  current  state  but  by  the  “path”  taken  to  reach  the 
current  state.  We  refine  the  notion  of  stability  and  stabilizability  by  defining  it  in  terms  of 
languages  rather  than  states,  and  show  that  in  some  cases  a  static  feedback  type  supervisor 
cannot  stabilize  a  system  and  a  more  general  dynamic  feedback  type  supervisor  is  needed 
for  stabilization.  In  [16],  the  stability  of  systems  under  partial  observation  is  studied.  In 
this  case,  the  supervisor  is  of  dynamic  feedback  type;  it  can  be  represented  as  a  cascade 
of  a  dynamic  state  observer  followed  by  a  static  feedback  type  controller.  The  supervisor 
considered  for  eventually  restrictable  systems  in  [17]  is  also  of  dynamic  feedback  type. 

We  start  with  the  description  of  DEDS’s  and  present  some  of  the  notions  of  stability 
defined  in  terms  of  states.  The  computational  complexity  of  the  algorithms  presented  in 
[2,  3]  for  determining  the  stability  and  stabilizability  of  DEDS’s  based  on  computing  the 
regions  of  attraction  is  quadratic  in  the  number  of  states  of  the  system.  We  present  an 
algorithm  that  is  linear  in  the  number  of  states  of  the  system  and  is  thus  computationally 
more  efficient.  We  then  introduce  the  notion  of  stability  in  terms  of  languages  and  provide 
algorithms  for  determining  the  stability  and  stabilizability  of  a  given  system  by  considering 
an  equivalent  problem  defined  in  terms  of  reversal  of  languages.  We  also  discuss  the  com¬ 
putational  complexity  of  these  algorithms.  Later,  we  provide  computationally  more  efficient 
algorithms  for  testing  the  sufficiency  of  stability  and  stabilizability  of  systems  based  on  our 
algorithm  for  computing  the  regions  of  attraction.  In  all  this,  we  assume  that  perfect  ob¬ 
servation  of  the  system  behavior  is  possible  so  that  the  control  actions  are  determined  on 
the  basis  of  observing  the  system  evolution  perfectly.  We  also  introduce  a  weaker  notion  of 
language  stability  that  is  preserved  under  union  and  provide  a  technique  for  constructing 
the  minimally  restrictive  stabilizing  supervisor  in  this  weaker  sense  of  language  stability. 

The  notion  of  language  stability  is  then  generalized  to  study  the  stability  of  sequen¬ 
tial  behaviors  of  DEDS’s  modeled  by  Biichi  automata.  The  notions  of  w-stability  and  u- 
stabilizability  are  introduced  in  this  context,  and  tests  for  verifying  stability  and  stabiliza¬ 
bility  of  sequential  behavior  are  obtained  by  reducing  the  problem  of  testing  them  to  the 
problem  of  testing  language  stability.  We  introduce  a  equivalence  relation  on  the  space  of 
infinite  strings  and  obtain  a  necessary  condition  of  ^-stability  in  terms  of  this  equivalence 
relation. 
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2  Notation  and  Terminology 

A  DEDS  to  be  controlled,  called  a  plant ,  is  modeled  as  a  deterministic  trim  [8]  state 
machine  (SM)  following  the  framework  of  [21].  Let  the  quintuple 

P  =  (X,X,a,x0,Xm) 

denote  a  SM  representing  a  plant,  where  X  denotes  the  state  set;  5  denotes  the  finite  event 
or  alphabet  set;  a  :  £  x  X  — ►  X  denotes  the  partial  state  transition  function;  xq  £  X 
denotes  the  initial  state;  and  Xm  C  X  denotes  the  set  of  marked  states.  The  transition 
function  a(-,-)  is  extended  to  E*  x  X  in  the  natural  way,  where  E*  denotes  the  set  of  all 
finite  sequences  of  events  belonging  to  £.  The  notation  t  6  E*  is  used  to  denote  the  empty 
string.  The  behavior  of  P  is  described  by  the  language  L(P )  C  £*  that  it  generates  and 
Lm(P)  C  L(P)  that  it  marks  or  recognizes.  Formally, 

L(P)  =  {s  €  £*  |  a(s,xo)l}]  Lm(P)  -  {s  £  L(P)  \  a{s,x0)  £  Xm}, 

where  the  notation  “!”  is  used  to  denote  “is  defined”.  By  definition,  L{P)  is  prefix  closed 
and  also  since  P  is  trim,  Lm(P )  =  L(P)  [8]. 

The  event  set  is  partitioned  into  £  =  Eu  U  Ec,  the  set  of  uncontrollable  and  controllable 
events.  A  supervisor  5  for  controlling  a  plant  is  another  DEDS,  also  represented  as  a  SM, 

S  =f  (Y,  £,  /3,y0,  Ym) 

S  operates  synchronously  with  P,  thus  allowing  only  the  synchronous  transitions  to  occur 
in  the  closed  loop  system  described  by  the  SM  [10,  11] 

PDS  =f  (Z,  £,7,  20,  Zm), 

where  z0  =  (xo,yo)]  for  s  £  £*,7  :  E*  x  Z  — *  Z  is  defined  as:  7 (s,  20))  —  (a(s,  x0),  ft(s,  go)) 
if  «(s,aio)!  and  fl(s,y0)\,  undefined  otherwise;  Z  —  {z  £  X  x  Y  \  3s  £  £*  s.t.  7(s,z0)  =  z}; 
and  Zm  =  Z  fl  (Xm  x  Ym).  Thus  Z  C  X  x  Y  is  the  set  of  states  that  are  reachable  from 
the  initial  state  zq ,  and  Zm  C  Z  is  the  set  of  those  reachable  states  that  have  both  their 
“co-ordinates”  marked. 

The  following  states  the  control  achieved  by  the  synchronous  operation  of  P  and  S. 

Remark  2.1  [11,  10]  Let  L(PdS)  be  the  language  generated  and  Lm(POS)  the  language 
marked  by  PDS;  then  L(POS)  —  L(P)  H  L(S),  and  Lm(POS)  =  Lm(P )  fl  Lm(S ),  where 
L(S),  Lm(S)  denote  the  languages  generated,  recognized  by  S  respectively. 

Also,  since  S  can  disallow  only  the  controllable  events  from  occurring,  L(P)  H  £*  C 
L(POS),  where  E*  is  the  set  of  finite  sequences  of  events  belonging  to  Eu. 

The  supervisor  as  defined  above  represents  a  closed  loop  control  policy.  This  differs 
from  open  loop  control  policy  in  which  control  actions  are  all  prespecified;  in  closed  loop 
control,  control  actions  are  determined  by  observing  all  or  part  of  the  history  of  the  system 
evolution. 
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Definition  2.2  Let  the  map  /  :  L(P)  — »  2s  denote  a  control  policy  as  described  in  [21],  i.e. 
for  each  string  s  G  L(P )  generated  by  the  plant  P,  f(s)  C  £  is  the  set  of  events  that  are 
not  disabled  by  a  supervisor.  Then  the  control  exercised  by  the  synchronous  operation  of 
a  supervisor  and  the  plant,  as  described  above,  defines  the  following  control  policy  over  the 
set  of  strings  generated  by  the  plant: 

r/  s  def  f  W  €  S|7(S<J,Z0)!}  if  7(5,  Z0)\ 

'  |  undefined  otherwise 

where  the  string  s  G  L(P). 

Closed  loop  controllers  can  further  be  classified  into  static  and  dynamic  control  type. 
Given  a  deterministic  SM,  V  =  ( Q ,  £,  6,  qo,  Qm),  there  is  a  natural  equivalence  relation  Rv 
[8,  6,  11,  10]  induced  by  V  on  £*,  which  is  defined  by  s  =  t{Rv)  8(s,  qo)  =  S(t,qo )  (this 
is  meant  to  include  the  condition  that  8(s,qo)  is  undefined  8(t,qo)  is  undefined),  where 
s,t  G  £*.  Thus  all  those  strings  which  upon  execution  result  in  the  same  state  in  V  belong 
to  the  same  equivalence  class.  We  use  [s](i?v)  to  denote  the  equivalence  class  under  the 
equivalence  relation  Rv,  containing  the  string  s. 

Definition  2.3  Consider  the  control  policy  /  :  L(P)  —*  2s  defined  by  the  synchronous 
composition  operator  as  described  in  Definition  2.2.  We  say  that  a  closed  loop  control  policy 
is  static  if  s  =  t(Rp)  =>  f(s)  =  f(t )  whenever  both  f(s),f(t )  are  defined. 

In  other  words,  in  a  static  feedback  type  control,  the  same  control  action  is  applied  after 
the  execution  of  all  strings  that  lead  to  the  same  state  in  the  plant.  Next  we  show  that  if  a 
supervisor  exercises  a  static  closed  loop  control,  then  it  can  be  represented  as  a  SM  having 
structure  similar  to  that  of  the  plant. 

Definition  2.4  Let  Vi  =f  (Qi,T,,8i,q0l,Qmi)  and  V2  d=  (Q2,'S,82,qo2,Qm2)  be  two  SM’s. 
Vi  is  said  to  be  a  subautomaton  [5]  of  V2  if  there  exists  a  one-to-one  map  h  :  Qi  — ►  Q2  such 
that  h(8i(s,q 0l))  =  62(s,qo2 )  for  each  s  G  L{V\). 

Thus  if  Vi  is  a  subautomaton  of  V2 ,  then  L(\ i)  C  L(V2).  Note  that  if  the  map  h  in 
Definition  2.3  is  also  onto,  then  Vi  and  V2  are  structurally  identical. 

Proposition  2.5  [9]  The  following  are  true: 

1.  If  S'  is  a  subautomaton  of  P,  then  the  control  policy  /  :  L(P)  — *  2s  defined  by  S  is 
static. 

2.  If  /  :  L(P )  — >  2s  is  a  static  control  policy,  then  there  exists  S  which  defines  the  same 
control  policy  as  /  and  is  a  subautomaton  of  P. 

Definition  2.6  A  closed  loop  control  policy  is  said  to  be  dynamic  if  it  is  not  static. 
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Lm(PaS)  =  Lm(S)  =  (ab)* 


Figure  1:  Diagram  illustrating  Example  2.7 

Example  2.7  Consider  for  example  a  plant  P,  with  language  L(P)  =  (a  +  b)*  defined  over 
the  event  set  E  =  {a,  b}.  Assume  that  Sc  =  S  (see  Figure  1;  “0”  denotes  the  states, 
an  entering  arrow  “ — »”  to  “O”  represents  the  initial  state,  and  ‘"O”  denotes  the  marked 
states).  Then  the  language  generated  by  the  coupled  system  under  a  static  feedback  control 
policy  could  be  one  of  the  following:  L(POS)  =  (a  +  b)*  or  a*  or  b *  or  e  depending  on 
whether  the  events  disabled  in  the  only  state  of  the  system  are  0,  {6},  {a}  or  {a,  6}. 

On  the  oth-  -  hand,  the  language  marked  by  the  coupled  system  can  be  made  to  be  any 
sublanguage  A  C  (a  +  b)*  by  using  a  dynamic  feedback  control  policy.  This  can  be  done 
because  all  the  events  are  controllable  [10,  11]  (pick  the  supervisor  S,  so  that  L(S)  =  K).  An 
example  for  the  case  K  —  ( ab )*  is  shown  in  Figure  1. 

3  Stability:  Region  of  Attraction 

With  the  above  introduction  on  our  supervisory  control  model,  we  next  consider  the 
stability  issues  for  DEDS’s.  First  we  discuss  the  definitions  and  results  of  some  of  the  earlier 
works,  in  which  the  stability  is  defined  in  terms  of  a  set  of  legal  states  of  the  system.  Later, 
we  present  our  own  notions  of  stability  defined  in  terms  legal  behavior  of  the  system. 

Consider  a  plant  P  =  (X,  S,  a,  x0,  Xm).  Let  X  C  X  be  the  prescribed  subset  of  states 
or  the  legal  states.  The  notions  of  strong  and  weak  attraction  [2,  3]  are  defined  as  follows: 
A  state  x  €  X  is  said  to  be  strongly  attractable  to  X,  if  after  starting  from  the  state  x ,  the 
system  always  reaches  a  state  in  the  set  X  after  a  finite  number  of  transitions.  The  set  of  all 
the  strongly  attractable  states  is  called  the  region  of  strong  attraction  of  X  and  is  denoted 
by  fi(X’).  Formally,  let  for  a  £  S*,  |.sj  denote  the  length  of  s,  and  for  X'  C  X ,  jX'|  denote 
the  number  of  states  in  the  set  X' . 

Definition  3.1  x  €  X  is  strongly  attractable  to  X  if  for  all  s  such  that  a(s,x)!  and  |.s |  > 
\X  —  X\  there  exists  a  prefix  us  €  S*  of  s  with  |us|  <  |X  —  A"|  so  that  a(us,  x)  €  X  [2,  3]. 

Definition  3.2  A  state  x  (E  A'  is  said  to  be  weakly  attractable  to  X ,  if  there  exists  a 
supervisor  S  such  that  x  is  strongly  attractable  to  X  in  the  coupled  system  POS.  The  set 
of  all  the  weakly  attractable  states  is  called  the  region  of  weak  attraction  and  is  denoted  by 

MX)- 
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Clearly,  Cl(X)  C  A(X).  If  ft(X)  =  X ,  then  P  is  said  to  be  stable  with  respect  to  X  and  if 
A(X)  =  JA,  then  P  is  said  to  be  stabilizable  with  respect  to  X.  Thus  in  order  to  test  whether 
a  given  system  is  stable  (stabilizable)  with  respect  to  a  given  set  of  legal  states,  one  needs 
to  compute  the  region  of  strong  (weak)  attraction.  The  definitions  of  strongly  and  weakly 
attractable  states  are  the  same  as  those  of  prestable  and  prestabilizable  states,  respectively 
[18]. 

Remark  3.3  Algorithms  for  constructing  the  regions  of  strong  and  weak  attraction  are 
presented  in  [18,  2,  3].  The  complexity  of  these  algorithms  is  quadratic  in  number  of  states 
of  the  system.  An  algorithm  of  linear  time  complexity  in  number  of  states  of  the  system  for 
constructing  the  regions  of  strong  and  weak  attraction  is  presented  in  the  Appendix  A  of 
this  paper.  This  algorithm  is  used  later  for  arriving  at  computationally  more  efficient  test 
for  determining  a  sufficient  condition  of  stability  and  stabilizability  introduced  below. 


4  Language- Stability 

So  far  we  have  discussed  stability  of  DEDS’s  defined  in  terms  of  their  legal  states  and 
provided  an  efficient  algorithm  for  testing  it  by  computing  the  regions  of  attraction  (refer 
to  Appendix  A  for  the  algorithm).  Next  we  provide  motivation  for  a  more  general  notion  of 
stability  which  we  call  language-stability  and  discuss  some  of  the  issues  related  to  stability 
in  this  framework. 

In  some  cases,  it  might  be  desirable  that  the  eventual  behavior  (rather  than  the  whole 
behavior)  of  the  system  be  legal,  so  the  whole  behavior  of  the  system  need  not  be  confined 
to  a  legal  language  as  in  [21,  20].  Thus  in  these  cases  the  control  task  can  be  formulated  as 
the  synthesis  of  a  supervisor  such  that  the  behavior  of  the  supervised  system  is  eventually 
legal.  This  leads  to  the  design  of  supervisors  that  are  less  restrictive  and  as  a  result,  the 
behavior  of  the  supervised  system  is  a  larger  language.  Hence,  we  will  formalize  the  notion  of 
eventual  behavior  of  the  systems  and  define  stability  and  stabilizability  of  systems  in  terms 
of  their  behavior.  As  discussed  in  the  previous  sections,  the  notions  of  stability  defined  in 
terms  of  languages  can  also  be  viewed  as  a  generalization  to  the  ones  defined  in  terms  of 
states  [18,  16,  2,  4,  3]. 

Example  4.1  Consider  the  machine  P  shown  in  Figure  2.  P  can  either  be  in  '‘idle” ,  “wor¬ 
king”,  “broken”  or  “display”  state.  Assume  that  initially  it  is  in  the  idle  state  and  goes  to 
the  working  state  when  the  action  “start”  is  executed.  While  in  the  working  state,  P  can 
either  “stop”  and  go  back  to  the  idle  state  or  can  “fail”  and  go  to  the  broken  state.  In 
the  broken  state  it  can  execute  either  the  action  “repair”  and  go  to  the  display  state  or  the 
action  “replace”  and  get  back  to  the  initial  idle  state.  While  in  the  display  state,  the  action 
“reject”  or  “approve”  can  be  executed,  so  the  resulting  state  of  P  can  either  be  broken  (if 
reject  is  executed)  or  idle  (if  approve  is  executed). 

Consider  the  above  example  for  the  stability  analysis  in  the  framework  of  [18,  16,  2,  4,  3]. 
The  states  idle  and  working  are  the  “good”  or  legal  states  of  P.  The  actions  start,  repair  and 
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replace  are  the  controllable  actions,  whereas  the  actions  stop,  fail,  reject  and  approve  are  the 
uncontrollable  actions.  Clearly,  P  is  not  stable  with  respect  to  its  legal  states  (once  P  executes 
fail,  it  is  not  guaranteed  to  get  back  to  the  legal  states;.  To  show  that  P  is  stabilizablc:  once 
it  executes  fail  and  goes  to  the  broken  state,  it  must  execute  the  controllable  action  replace 
to  go  back  to  the  legal  state  either  permanently  (as  in  [4,  2,  3])  or  temporarily  (as  in  [18jj. 
Suppose  instead,  it  executes  the  controllable  action  repair  and  goes  to  the  display  state; 
there  it  might  not  execute  the  uncontrollable  action  approve  in  which  case  it  would  remain 
in  the  illegal  state.  Hence  the  only  way  P  can  be  stabilized  is  by  executing  the  action  replace 
after  it  executes  fail.  This  however,  may  not  be  desired,  for  replacing  (and  not  repairing)  P 
whenever  it  fails  might  be  cost  ineffective.  Thus  in  this  example,  the  framework  of  118,  16.  3] 
may  be  too  restrictive  for  stabilizing  the  machine  P. 

We  would  like  the  desired  behavior  of  P  to  be  such  that  it  allow's  P  to  execute  the  repair- 
reject  sequence  for  a  finite  number  of  times.  In  other  words,  the  desired  behavior  of  P  is  that 
if  it  executes  fail,  it  should  execute  replace  or  approve  after  a  finite  number  of  executions 
of  the  repair-reject  sequence;  otherwise  it  should  execute  the  start  -stop  sequence.  The  way 
P  is  designed,  after  executing  fail,  it  might  never  execute  replace  or  approve  and  continue 
executing  the  repair-reject  sequence,  in  which  case  the  desired  behavior  is  not  achieved.  We 
note  that  the  desired  behavior  of  P  as  described  above  cannot  be  achieved  by  use  of  a  static 
feedback  controller. 

Moreover,  in  the  above  example,  P  is  allowed  to  execute  “illegal”  actions  (the  repair- 
reject  sequence)  after  it  executes  fail,  provided  it  eventually  executes  one  of  the  “legal’' 
actions  (replace  or  approve).  Thus  the  whole  behavior  of  the  system  need  not  always  be 
confined  to  a  legal  language  as  in  [21,  20].  With  these  motivations,  the  notions  of  stability 
of  systems  is  formally  defined  in  terms  of  their  legal  behavior: 

With  this  motivation,  we  formally  define  stability  of  systems  in  terms  of  their  legal 
behavior.  For  n  €  J\f,  let  X"  denote  the  set  of  strings,  each  of  length  n,  of  events  belonging 
to  X.  We  use  X-A  to  denote  Un<iv  Sra  for  each  N  €  Af. 


Definition  4.2  Let  A,  K  C  £*  be  two  languages.  A  is  said  to  be  language  stable  (l-stable) 
with  respect  to  K  if  there  exists  N  £  Af  such  that  A  C  K. 

Since  £-N  C  E-7'7’  whenever  N  <  N'  (iV,  N'  £  Af),  it  follows  that  if  A  is  ^-stable  with 
respect  to  K,  then  there  exists  a  smallest  integer  No  £  Af  such  that  L  C  £-jV°  Ah  Given  a 
string  s  £  E*,  let  un  £  S*  be  the  prefix  of  length  n  of  s  ( n  <  |sj),  and  let  vn  £  £*  be  such 
that  s  =  unvn.  We  define  a  map  fln  :  E*  — >  E*  in  the  following  manner: 

n  /  x  _  j  vn  for  n  <  |s| 
n  S  (  e  otherwise 

Thus  the  effect  of  the  map  IIn(-)  on  a  string  s  is  to  remove  the  initial  n  symbols  of  s. 

It  follows  from  Defiin  >n  4.2  that  A  C  S*  is  Astable  with  respect  to  K  C  E*  if  and  only 
if  there  exists  N  £  Af  such  that  for  every  string  s  £  L  there  exists  a  prefix  us  £  E*  of  s  with 
|us|  <  N  such  that  II|Us|(s)  £  K.  Thus  A  is  t-stable  with  respect  to  K  if  after  removing  a 
prefix  of  length  at  most  N  from  a  string  in  A,  it  matches  some  string  in  K .  The  language  L 
can  be  thought  to  be  representing  the  plant  behavior  and  the  language  K  can  be  thought  to 
be  representing  the  eventual  legal  behavior  of  plant.  If  A  is  not  Astable  with  respect  to  AT, 
then  it  is  said  to  be  i-stabilizable  with  respect  to  K  if  there  exists  a  supervisor  S  such  that 
the  closed  loop  behavior  is  Gstable  with  respect  to  K.  Formally, 

Definition  4.3  Consider  A,  K  C  £*.  A  is  said  to  be  l-stabilizable  with  respect  to  K  if  there 
exists  a  nonempty  controllable  [21]  sublanguage  H  C  L  such  that  H  is  Astable  with  respect 
to  K. 

Assume  that  I.  is  recognized  by  a  plant  P,  i.e.  Lm(P )  =  A.  Let  S  be  a  supervisor  such 
that  the  language  recognized  by  the  closed  loop  system  Lm{PUS)  is  As  table  and  controllable 
with  respect  to  K\  then  clearly  A  is  Astabilizable  with  respect  to  K  with  H  —  Lm(POS).  It 
is  know  that  the  closed  loop  behavior  Lm(POS)  is  controllable  if  and  only  if  S  is  a  complete 2 
supervisor  [21,  11,  10].  Thus  Definition  4.3  can  equivalently  be  stated  as:  A  is  said  to  be 
f-stabilizable  with  respect  to  K  if  there  exists  a  complete  supervisor  S  such  that  Lm(POS) 
is  A  stable  with  respect  to  K. 

Proposition  4.4  If  P  =f  (Af,  £,«,  x0,  Xm)  is  stable  (stabilizable)  with  respect  to  X  C  X, 
then  Lm(P)  is  Astable  (Astabilizable)  with  respect  to  Lm{P,x),  where  Lm(P,x)  is  the 
language  marked  by  P  assuming  the  initial  state  to  be  x. 

Proof:  Assume  that  the  SM,  P  =f  (A\  E.a,  a;o,Xm)  is  stable  with  respect  to  the  legal  set 
X  C  X.  Let  A  =  Lm{P ),  and  K  =  Lhei  Lm{P,  x).  Define  N  =f  \X  —  X|.  We  will  show  that 
A  C  E-n K.  Consider  s  £  A.  If  |s|  <  N,  then  s  €  S-^;  hence  s  £  E K.  If  |s|  >  N,  then 
there  exists  a  prefix  us  <  s,  |us|  <  N,  such  that  a{us,x0)  £  X  (follows  from  the  fact  that 

2  A  supervisor  S  is  said  to  be  complete  if  for  all  sEE*,(7„EL  :sE  L(PaS),scru  £  L(P)  =>  scru  £ 
L(POS). 
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xo  is  strongly  attractable  to  X).  Thus  Il|u  1(5)  G  A  (by  definition  of  I\).  Hence  3  G  E - v K ; 
which  shows  that  A  is  Gstable  with  respect  to  A  . 

Similarly,  it  can  be  shown  that  if  P  is  stabilizable  with  respect  to  X ,  then  A  is  t- 
stabilizable  with  respect  to  K.  □ 

Proposition  4.4  shows  that  stability  (stabilizability)  in  terms  of  states  in  some  sense 
implies  ^-stability  (^-stabilizability).  We  show  in  the  next  example  that  the  converse  does 
not  necessarily  hold,  thus  showing  that  the  notion  of  ^-stability  (^-stabilizability )  is  finer 
than  that  of  stability  (stabilizability). 

Example  4.5  Let  E  =  E„  =  {a,b,c,d}.  Consider  the  languages  L,Ki(i  >  1)  C  E*  given 
by:  A  =  ( ab)*cd *  and  and  A';  =  d*  +  b(ab)‘ (ab)*  cd* .  Generators  for  A  and  Afi  =  d*  + 
bab(ab)*cd *  are  shown  in  Figure  3.  Letting  N  =f  2 i  +  1,  it  can  be  easily  verified  that 
A  C  S-iV Afi  for  each  i  >  1,  and  also  that  N  is  the  smallest  integer  for  which  the  last 
inclusion  holds.  Fix  for  example  i  —  1.  We  show  that  A  C  E-3Afi.  A  consists  of  strings  cd* 
(no  ab  followed  by  cd*),  abed *  (one  ab  followed  by  cd*),  and  ( ab)-2cd *  (two  or  more  ab  followed 
by  cd*).  First  consider  the  strings  in  cd*  C  L.  Then  Hi(c<A)  =  d*  C  I{\.  Next  consider  the 
strings  in  abed*  C  L.  Then  U3(abcd*)  =  d*  C  K\.  Finally  consider  (ab)-2cd*  C  L.  Then 
H i((ab)-2 cd*')—  b(ab)-xcd*  =  bab(ab)*cd*  C  Afi.  Thus  it  follows  that  L  C  E-3A'1. 


A  =  Lm(P)  =  (ab)*cd*  Afi  =  Am(V,)  =  d*  +  bab{ab)*cd* 

Figure  3:  Diagram  illustrating  Example  4.5  with  i  =  1 

Since  L  is  Astable  with  respect  to  each  Kt  it  follows  that  L  is  also  Astabilizable  with 
respect  to  each  Kt . 

Let  P,  Vi  be  the  minimal  SM’s  generating  A,  Kt  respectively.  Then  P,  V  must  have  3, 2i+A 
states  respectively  (refer  to  Figure  3  for  i  =  1).  It  can  be  easily  seen  that  P  is  not  stable 
with  respect  to  any  of  its  subset  of  states.  Since  E„  =  E,  P  is  not  stabilizable  with  respect 
to  any  of  its  subset  of  states  either. 

Example  4.6  Consider  the  languages  A  =  ( ac  +  b)a(a  +  b )x  and  K  —  (ab)*  defined  over 
S  =  Sc  =  {a,  6,  c}.  We  will  show  that  A  is  not  Gs table  with  respect  to  K,  i.e.  there  exists 
no  N  G  Af  such  that  A  C  S-A  K.  To  prove  this,  we  assume  for  contradiction  that  there 
exists  No  G  N  is  such  that  A  C  S-A°  AL  Consider  the  string  baaN°  G  L.  Any  substring  of 
it  obtained  by  removing  an  initial  finite  segment  of  length  less  than  No  does  not  match  any 
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string  in  K  (a  string  in  K  contains  the  symbol  b  at  the  end,  whereas  the  string  baaN°  ends 
with  the  symbol  a). 


Generator  for  L  =  ( ac  +  b)a(a  +  b )* 


Generator  for  H  —  (ac  +  b)a(ab )* 


Figure  4:  Diagram  illustrating  Example  4.6 

Consider  a  sublanguage  H  —  ( ac-\-b)a(ab )*  C  L  as  shown  in  Figure  4.  Since  Ec  =  E,  H  is 
controllable  with  respect  to  L.  It  can  be  easily  seen  that  H  =  (ac  +  b)a(ab)*  is  ^-stable  with 
respect  to  K  —  ( ab )*  (consider  any  string  from  H  and  remove  the  initial  segment,  either  aca 
or  6a,  whichever  is  appropriate;  the  resulting  string  belongs  to  K).  Thus  L  is  Gstabilizable 
to  K. 

In  this  example,  it  is  clear  that  a  dynamic  feedback  type  supervisor  has  been  used  to 
^-stabilize  the  given  language.  Also,  a  static  feedback  type  control  cannot  be  used  to  stabilize 
L  =  ( ac  +  b)a(a  +  b )*  with  respect  to  K  =  (ab)*.  This  follows  since  any  string  in  K  contains 
an  equal  number  of  a’s  and  6’s,  and  L  cannot  be  restricted  to  a  language  H  C  L  with  all  its 
strings  having  an  equal  number  of  a’s  and  6’s  at  its  end  by  using  a  static  supervisor  (refer 
to  Example  2.7).  In  [18,  2,  3],  where  stability  is  defined  in  terms  of  the  legal  states,  the 
supervisors  considered  for  stabilizing  DEDS’s  are  all  assumed  to  be  of  static  feedback  type. 
Thus  a  more  general  type  of  control  is  needed  to  ^-stabilize  the  behavior  of  a  given  system, 
which  also  shows  that  the  notion  of  ^-stability  (Cstabilizability)  is  a  finer  notion. 

Example  4.7  Consider  a  system  consisting  of  a  single  buffer  of  unbounded  capacity.  Only 
two  types  of  events* arrival,  denoted  a,  and  departure,  denoted  6,  occur  in  this  system,  i.e. 
E  =  {«,&}.  The  behavior  of  this  system  can  be  described  the  language: 

L  =  {seS*|#(a,s)>#(6,5)}, 

where  the  symbol  #(x,y)  is  used  to  denote  the  number  of  times  the  symbol  x  occurs  in  the 
string  y.  We  may  be  interested  in  determining  whether  there  exists  some  number  N  £  J\f 
such  that  after  execution  of  all  strings  of  length  larger  than  N,  the  buffer  content  is  bounded 
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above  by  a  fixed  number  N0  G  N '.  The  above  problem  can  be  posed  as  a  ^-stability  problem 
with  the  “eventually  reachable”  language  K  C  S*  defined  as: 

a'  =  {6gs*|#m-#m<at0}. 

K  corresponds  to  the  content  of  the  buffer  being  bounded  above  by  Nq. 

It  is  easy  to  see  that  L  is  not  ^-stable  with  respect  to  K ,  i.e.  there  does  not  exist  any  N 
such  that  after  execution  of  all  strings  of  length  larger  than  N,  the  buffer  content  is  bounded 
above  by  Nq.  Note  that  in  this  example  K  C  L ,  and  if  the  arrival  event  a  is  controllable,  then 
L  can  be  restricted  to  the  language  K  by  disabling  a  whenever  the  buffer  content  becomes 
equal  to  Nq.  This  proves  that  L  is  Gstabilizable  with  respect  to  K. 

Next  we  present  algorithms  for  testing  ^-stability  and  Gstabilizability  of  a  language  L  with 
respect  to  another  language  K . 

4.1  Algorithms  for  testing  ^-stability  and  f’-stabilizability 

In  order  to  test  whether  a  language  L  is  Gstable  (Gstabilizable)  with  respect  to  another 
language  K,  we  need  to  test  whether  there  exists  an  integer  N  G  A  such  that  L  C  E -N  K 
( H  C  E -NK,  where  H  C  L).  This  problem  can  equivalently  be  posed  in  terms  of  the 
reversal  [1]  of  languages  that  we  define  next. 

Definition  4.8  Given  a  string  s  €  S*,  its  reversal  sR  G  £*,  is  the  string  obtained  by 
reversing  s.  Given  a  language  L  C  S*,  its  reversal  LR  C  S*  is  defined  to  be:  LR  =f  {sR  G 
EN.s  G  ./,}• 

Next  we  discuss  some  of  the  properties  of  the  reversal  operator.  We  use  L,L\,L,2  to 
denotes  languages  defined  on  E. 

Lemma  4.9 

1.  Reversal  preserves  regularity,  i.e.  if  L  is  regular,  then  so  is  LR . 

2.  {LR)R  =  L, 

3.  Reversal  is  monotone,  i.e.  if  L\  C  T2>  then  LR  C  LR. 

4.  {LxL2)r  =  LrLr. 

Proof:  1.  The  proof  is  based  on  constructing  a  FSM  that  recognizes  LR  using  a  FSM 
realization  for  L,  and  can  be  found  in  [8]. 

2.  Follows  from  the  definition  of  the  reversal  of  languages  and  the  fact  that  for  any  string 
3  G  £*,  {sR)R  =  3. 

3.  Pick  .s  G  LR ;  then  sR  G  Lx.  Since  Lx  C  L2,  it  follows  that  sR  G  L2,  i.e.  =  s  G  LR. 
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4.  We  first  show  that  ( LiL2)r  C  LRLR.  Pick  5  €  (LiL2)r;  then  sR  G  L\L2,  i.e.  there  exist 
us  G  Li  and  vs  €  L2  such  that  usus  =  sR.  Hence  s  —  ( sR)R  —  (■ usvs)R  —  vRuf  G  LRLR. 

Next  we  show  that  LRLR  C  (i1L2)fl-  Pick  .s  G  LRLR]  then  there  exist  u5  G  L2  and 
us  G  Li  such  that  ufuf  =  .s.  Hence  s  =  ( sR)R  =  =  (usvs)R  G  (L1L2)R.  □ 

Corollary  4.10  A  C  H-N K  if  and  only  if  LR  C  KRE-N ,  where  L,  K  C  E*  and  N  E.  Af. 

Proof:  Assume  that  A  C  S-,VA';  then  it  follows  from  part  3  of  Lemma  4.9  LR  C  (E-N  K)R. 
Since  (E-lV)fl  =  E-^,  it  follows  from  part  4  of  Lemma  4.9  that  AH  C  KR E-N . 

Assume  next  that  LR  C  KRE-N]  then  from  part  3  of  Lemma  4.9  it  follows  that  ( LR)R  C 
( KrTi-n)r .  Thus  from  part  4  of  Lemma  4.9  we  obtain  (LR)R  C  E-N  (KR)R.  It  then  follows 
from  part  2  of  Lemma  4.9  that  L  C  T*-N K .  □ 

Thus  the  problem  of  testing  ^-stability  of  a  language  L  with  respect  to  another  language 
K  can  be  equivalently  posed  as  that  of  determining  an  integer  N  G  A1”,  if  it  exists,  such 
that  LR  C  KrYj-n .  Hence,  given  two  languages  L,  K  C  S*,  we  next  analyze  the  problem  of 
determining  an  integer  N  G  A/",  if  it  exists,  such  that  LR  C  KRT,-N . 

Let  P  =f  (A,  E,a,  x0,  Xm)  and  V  =f  (Q,E,6,qo,Qm)  be  two  SM’s  such  that  Lm(P)  —  LR 
and  Lm(V)  =  KR.  Assume  further  that  P  is  trim  [8]  so  that  L(P)  =  Lm{P )  =  LR ,  and  V  is 
such  that  L(V)  =  E*,  i.e.  V  is  a  SM  that  recognizes  KR  and  has  an  additional  dump  state 
in  order  to  generate  E*.  Consider  a  slightly  different  synchronous  composition  of  P  and  V, 
denoted  PU'V ,  given  by  the  5-tuple: 

Pa'V'M  (KE,p,r0,Rm) 

where  the  state  set  R ,  the  transition  function  /?(•,•),  and  the  initial  state  r0  are  defined  as 
in  the  definition  of  synchronous  composition  in  section  2,  and  Rm  =  {rG  Xm  x  Q  |  3s  G 
E*  s.t.  p(s,ro)  —  r}.  This  is  a  slight  variation  to  the  earlier  definition  of  marked  states  in 
synchronous  composition  of  two  state  machines.  Note  that  Rm  consists  of  those  states  in 
Xm  x  Q  that  are  reachable  from  the  initial  state  r0,  hence  Rm  C  Xm  X  Q.  Also,  note  that 
all  transitions  are  defined  in  all  states  of  V,  i.e.  given  any  event  a  G  E  and  any  state  q  G  Q, 
6(a,q)\.  Hence  for  any  event  a  G  S  and  state  r  =  (x,q)  G  R ,  p(a,(x,q))  is  defined  if  and 
only  if  a(<7,  x)  is  defined. 

Lemma  4.11  Let  P  and  V  be  the  two  SM’s  as  defined  above.  Then  Lm{P U'V)  —  Lm(P), 
and  L(Pn'V)  =  L(P). 

Proof:  First  we  show  that  Lm(Pn'V)  C  Lm(P).  Pick  s  G  Lm(PO'V)]  then  p(s,r0 )  G  Rm. 
Since  /)(s,ro)  is  defined  if  and  only  if  0(5,  x0)  is  defined,  and  Rm  C  Xm  x  Q ,  it  follows 
that  a(s,x0)  G  Xm.  Thus  s  G  Lm(P).  Next  we  show  that  Lm(P)  C  Lm(PO'V).  Pick 
s  G  Lm(P );  then  a(s,x0)  G  Xm.  Again,  since  a(s,r0)  is  defined  if  and  only  if  p(s,r0 )  is 
defined,  p(s,r0)  G  Xm  x  Q.  The  state  p(s,ro)  is  clearly  a  reachable  state  from  ro,  hence 
p(s,r0)  G  Rm ,  which  shows  that  s  G  Lm(PO'V). 

Since  L(Pn'V)  —  L(P)  fl  L{V)  —  L(P)  ft  E*=L(P),  the  other  result  follows.  □ 
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Given  two  languages  L,  I\  C  £*,  next  we  present  a  necessary  and  sufficient  condition  to 
determine  whether  there  exists  an  integer  N  G  M  such  that  LR  C  KRT,-N  in  terms  of  the 
graphical  structure  of  SM’s  recognizing  the  languages  LR ,  KR. 

Consider  R ,  the  state  set  of  PU'V .  Let  /?*  denote  the  set  of  all  finite  sequences  of  states 
belonging  to  R.  Consider  p  G  R*  such  that  p  =  (r^  . . .  r; .  .  .  rn)  €  R* ,  where  r(  G  R  for  each 
1  <  i  <  n  and  n  G  Af.  Then  p  is  said  to  be  a  path  starting  at  rx  and  ending  at  rn  in  PUV , 
if  there  exist  a  string  sp  G  £*,  sp  =  a\a2 . . .  crt . . .  crn-i,  where  er,-  G  £  for  each  1  <  i  <  n  —  1, 
such  that  p((<Ti  . . .  =  rt  for  each  1  <  i  <  n.  sp  G  £*  as  described  above  is  called 

the  string  corresponding  to  path  p.  Thus  given  a  path  p  in  PUV,  there  exists  at  least  one 
string  sp  G  £*  corresponding  to  p.  A  state  r  £  R  is  said  to  be  a  path-state  of  the  path  p  if 
r  =  ri  for  some  1  <  i  <  n.  p  is  said  to  be  a  loop-path  if  there  exist  i,j  with  1  <  i  <  j  <  n 
such  that  r;  =  ry ;  in  which  case  the  portion  ri . . .  r}  of  p  is  called  the  loop-portion  of  p.  p  is 
said  to  be  a  loopfree-path  if  p  is  not  a  loop-path. 

Theorem  4.12  Let  LR,I\R  C  £*  be  the  languages  recognized  by  the  SM’s  P,  V  respectively 
as  described  above.  Then  there  exists  an  integer  N  G  Af  such  that  LR  C  KRT,-N  if  and  only 
if  the  following  hold  in  the  SM  PU'V: 

Cl  For  each  rm  G  Rm  and  for  every  path  p  in  PU'V  that  starts  at  ro  and  ends  at  rm,  there 
exists  a  path-state  r  —  (x,q)  G  X  x  Q  of  p  such  that  q  G  Qm. 

C2  For  each  r  —  (x,  q)  G  X  x  Qm  and  each  rm  G  Rm ,  if  a  path  p  in  PU'V  that  starts  at  r 
and  ends  at  rm  has  none  of  its  path-states  in  X  x  Qm  (other  than  the  one  at-  which  it 
starts),  then  p  is  a  loop-free  path. 

Proof:  Assume  that  there  exists  an  integer  N  G  N  such  that  LR  C  KRT,-N\  then  we  first 
show  that  Cl  holds. 

Fix  a  path  p  in  PU'V  such  that  p  starts  at  r0  and  ends  at  rm  G  Rm •  Then  there  exists  a 
string  sp  G  Lm(PWV)  such  that  p(sp,r0)  =  rm.  Since  Lm{PU'V)  —  Lm(P)  =  LR  (Lemma 
4.9  and  definition  of  P),  sp  G  LR.  Thus  it  follows  from  the  assumption  that  sp  G  KRH-N , 
i.e.  there  exist  uSp  G  KR  and  vSp  G  such  that  sp  =  uSpvSp.  Consider  the  path-state 

r  =  (x,q)  =  p(us  ,ro )  of  p.  Since  uSp  G  KR ,  the  state  q  reached  by  accepting  uSp  in  V 
belongs  to  Qm ,  i.e.  r  =  (x,q)  G  X  x  Qm. 

Next  we  show  that  C2  holds.  Fix  a  path  p  in  PU'V  such  that  p  starts  at  r  =  (x,q)  G 
X  x  Qm  and  ends  at  rm  €  Rm  and  none  of  the  path-states  of  p  other  than  the  first  one  are 
in  X  x  Qm.  Assume  for  contradiction  that  C'2  is  false,  i.e.  p  is  a  loop-path.  Consider  the 
string  s  G  L(PWV)  such  that  p(s,rQ)  =  r  =  (x,q).  Since  q  G  Qm,  s  G  Lm  [V]  =  KR.  Let 
tp  =  upVpWp  G  S*  be  a  string  corresponding  to  the  path  p,  where  vp  represents  the  string 
corresponding  to  the  loop-portion  of  p.  Then  stp  =  supvpwp  G  Lm(PU'V)  —  LR  (since 
p{stp,r0 )  =  rm  G  Rm)-  Hence  the  string  tup(vp)N+1wp  G  LR.  Then  there  exists  no  prefix 
s'  G  KR  of  the  string  sup(vp)N+1wp  such  that  U^si\i(sup(vp)N+lwp)  G  S-^,  which  contradicts 
the  fact  that  LR  C  KrTi-n .  This  completes  the  proof  of  the  fact  that  Cl  and  C2  are 
necessary  conditions  for  an  integer  N  £  j\f  to  exist  such  that  LR  C  KRT,-N .  It  remains  to 
show  that  Cl  and  C2  are  sufficient  conditions  also. 
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Assume  then  that  Cl  and  C2  hold  for  SM  PO'V.  Since  C2  holds,  any  path  p  in  PO'V, 
that  starts  at  r  =  ( x,q )  e  X  x  Qm  and  ends  at  rm  G  Rm  with  none  of  its  path-states  (other 
than  the  first  one)  in  X  x  Qm,  is  a  loopfree-path.  Let  V  denote  the  collection  of  all  such  paths 

(paths  that  satisfy  condition  C2).  Define  N  =f  maxpep  |p|,  where  |p|  denotes  the  length  of 
path  p.  Then  we  will  show  that  LR  C  KRE-N .  Note  that  since  C2  holds,  all  the  paths  p  G  V 
are  loopfree-paths,  hence  the  maximum  in  the  definition  of  N  exists.  In  order  to  show  that 
Lr  C  KrY.-n ,  pick  5  G  LR.  Then  5  €  Lm(PO'V).  Let  p(s,r0)  =  rm  G  Rm.  Consider  the 
path  ps  in  PO'V  corresponding  to  string  s.  Since  PO'V  is  deterministic,  ps  is  unique.  Also, 
ps  starts  at  r0  and  ends  at  rm  G  Rm-  Hence  by  Cl,  there  exists  a  path-state  r  =  (x,q)  of  ps 
such  that  r  =  (x,  q)  G  X  x  Qm.  Let  r1  be  the  last  such  path-state  of  ps ,  i.e.  r'  G  X  x  Qm  and 
all  the  path-states  of  ps  that  follow  r'  do  not  belong  to  X  x  Qm.  Let  the  portion  of  ps  that 
starts  at  r'  and  ends  at  rm  be  denoted  by  p1;  then  from  C2  p'  is  a  loopfree-path,  also  p'  G  V. 
It  follows  from  the  definition  of  N  that  \p'\  <  N.  Let  u'  G  E*  be  the  prefix  of  s  such  that 
p(u',r0)  =  r',  then  u'  G  KR  (since  r'  G  X  x  Qm ),  and  H|u/|(s)  €  E-N.  Thus  s  G  KRT,-N . 
This  completes  the  proof  of  Theorem  4.12. 

Remark  4.13  The  conditions  Cl  and  C2  can  be  tested  in  PO'V  in  the  following  manner: 

1.  Consider  the  state  set  R  of  PO'V  and  remove  all  the  states  r  —  (x,q)  £  R  (and  the 
transitions  entering  or  leaving  these  states)  for  which  q  €  Qm ■  Then  for  Cl  to  hold, 
there  must  not  exist  any  path  connecting  r0  to  any  rm  €  Rm  in  the  machine  obtained  by 
removing  the  above  states.  Thus  Cl  can  be  verified  by  performing  a  single  reachability 
test  on  the  reduced  machine  as  described  above. 

2.  Next  fix  a  state  r  =  (x,q)  £  R  with  q  €  Qm  and  remove  from  PO'V  all  the  other  states 
r'  =  (x',q')  €  R  (and  the  transitions  entering  or  leaving  these  states)  having  q'  G  Qm. 
Then  for  C2  to  hold  for  this  state  r,  any  path  connecting  r  to  any  rm  G  Rm  in  the 
machine  obtained  by  removing  the  above  states  must  be  acyclic.  Repeat  the  above  for 
every  state  r"  —  (x",  q")  G  R  with  q"  G  Qm  and  test  for  acyclicity.  Since  for  each  such 
state  acyclicity  can  be  tested  by  computing  its  reachability  set,  testing  C2  requires  at 
most  |PD'V|  rechability  tests  to  be  performed,  where  \PO'V\  denotes  the  number  of 
states  in  PO'V. 

Thus  it  follows  from  above  that  testing  Cl  and  C2  requires  at  most  \PO'V |  +  1  reachability 
tests  to  be  performed.  Since  the  reachability  set  can  be  computed  in  0(\PO'V\)  time,  the 
complexity  of  testing  Cl  and  C2  is  of  order  0{\PO'V\2).  Let  m,n  G  A  be  the  number 
of  states  in  the  minimal  SM’s  recognizing  L,K  respectively,  then  the  number  of  states  in 
SM’s  P,  V  recognizing  Ln ,  KR  respectively  is  2m,2"  respectively  (reversal  operation  requires 
nondeterministic  to  deterministic  conversion  of  SM’s).  Hence  the  computational  complexity 
of  testing  ^-stability  of  L  with  respect  to  A'  is  0( 22im+rd). 

Example  4.14  Consider  the  languages  A,  Ah  C  { a ,  b,  c,  d}*  as  in  Example  4.5:  L  =  ( ab)*cd * 
and  K\  —  d*  +  bab(ab)*cd* .  Recognizers  for  L  and  Afi  are  shown  in  Figure  3.  Then  LR  — 
d*c(ba )*  and  KR  —  d*  +  d*c(ba)*bab  =  d*  +  d*cbab{ab)*.  Let  P,  V  be  state  machines  such 
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that  Lm(P)  =  LR,  Lm(V)  =  I\R,  and  L(P )  =  Lm(P),  L(V)  —  E*  respectively  as  in  Theorem 
4.12.  Construct  PO'V  as  described  above.  Recognizers  for  P,V,PO'V  are  shown  in  Figure 
5.  in  Figure  5  A  state  (x,q)  in  the  state  set  R  of  PU'V  is  marked  if  and  only  if  the  state 
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Lm(P)  =  LR  =  d*c(ba )*  Lm(V)  =  I<R  =  d*  +  d*cbab(ab)*  Lm(Pn'V)  =  d*c{ba )* 

Figure  5:  Diagram  illustrating  Example  4.14 

x  G  Xm.  Since  state  2  G  X  is  the  only  state  marked  in  P,  the  states  (2, 2),  (2, 4)  and  (2,6) 
are  the  marked  states  in  PO'V.  We  now  check  whether  conditions  Cl  and  C2  of  Theorem 
4.12  hold.  Consider  any  path  in  PU'V  starting  from  the  initial  state  (1,1)  and  ending  at 
one  of  the  marked  states  (2,2)  or  (2,4)  or  (2,6).  Then  this  path  obviously  visits  the  state 

(1. 1) .  Since  (1, 1)  G  X  x  Qm  (state  1  is  marked  in  V),  condition  Cl  holds.  In  order  to  show 
that  C2  holds  consider  any  path  in  PU'V  starting  at  the  initial  state  (1,1)  and  ending  at 
one  of  the  marked  states  either  (2,2)  or  (2,4)  or  (2,6).  If  the  path  ends  at  (2,2),  then  the 
last  state  (x,  q)  such  that  q  G  Qm  visited  along  this  path  is  (1,1).  Consider  the  path  segment 
between  (1, 1)  and  (2,2);  it  is  loop-free.  If  the  path  ends  at  (2,4),  then  the  last  state  (x,q) 
with  q  G  Qm  visited  along  this  path  is  again  (1,1),  and  again  the  path  segment  between 

(1. 1)  and  (2,4)  is  loop-free.  Finally,  if  the  path  ends  at  (2,6),  then  the  last  state  (x,q)  with 
q  €  Qm  visited  is  (3,5),  and  the  path  segment  between  (3,5)  and  (2,6)  is  again  loop-free. 
Thus  condition  C2  also  holds.  It  then  follows  from  Theorem  4.12  that  L  is  /-stable  with 
respect  to  AT  as  expected  (refer  to  discussion  in  Example  4.5. 

Corollary  4.15  Consider  two  regular  languages  L,K  C  E*.  Let  m,n  G  Af  be  the  number 
of  states  in  the  minimal  SM’s  recognizing  L,  K  respectively.  L  is  /-stable  with  respect  to  K, 
if  and  only  if  L  C  S-2m+nAC 

Proof:  For  proving  the  “if’  part  we  need  to  show  that  L  C  S-2m+"A"  implies  L  is  /-stable 
with  respect  to  K.  This  is  trivially  true:  set  N  =  2m+"  in  the  definition  of  /-stability.  In 
order  to  prove  the  “only  if’  part  w.e  need  to  show  that  if  L  /-stable  with  respect  to  K,  then 
L  C  w<2 m+nR.  Since  L  is  /-stable  with  respect  to  A',  it  follows  from  Corollary  4.10  that 
there  exists  N  G  AT  such  that  LR  C  KRT,-N .  Let  P,  V  be  machines  recognizing  LR.  KR 
respectively  as  in  Theorem  4.12.  It  then  follows  from  Theorem  4.12  that  N  <  |PQ/Vr|  (refer 
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to  the  second  part  of  the  proof  of  Theorem  4.12  where  N  is  defined  to  be  N  =f  ma xpe-p  |p|; 
since  each  p  €  V  is  loop-free,  \p\  <  |PD'V|,  hence  N  <  \ PU'V\).  Since  the  number  of 
states  in  SM’s  recognizing  L,K  is  m,n  respectively,  the  number  of  states  in  P,V  is  2m,2n 
respectively  (reversal  operation  requires  nondeterministic  to  deterministic  conversion  of  SM’s 
[1]).  Thus  it  follows  that  N  <  \PO'V\  =  (2m)(2n)  =  2m+T  □ 

Remark  4.16  Thus  ^-stability  of  a  given  language  L  with  respect  to  another  language  K 
can  also  be  determined  by  testing  whether  P  C  T,-2m+n  K,  where  m,n  €  Af  are  the  numbers 
of  states  present  in  SM’s  recognizing  P,  I\  respectively. 

Next  we  consider  the  problem  of  testing  Astabilizability  of  a  given  language  PCS* 
with  respect  to  another  language  K  C  E*.  Let  P,V  be  the  SM’s  recognizing  language 
P,  K  respectively.  The  supervisor  that  disables  all  the  controllable  transitions  of  P  (treated 
as  a  plant)  is  called  the  maximally  restrictive,  supervisor.  .The  behavior  of  P  under  the 
maximally  restrictive  control  is  giv  y  Pfll  lote  that  since  P  P  is  the  closed  loop 
behavior  under  the  control  of  the  ximally  .  rictive  supervisor,  ?n  any  nonempty 

controllable  sublanguage  H  C  P,  P  ( 1  E*  C  H.  Also,  note  that  P  Pi  Pu  ls  controllable,  for 

(P?TE*)SU  n  L(P)  =  pns*. 

Theorem  4.17  P  is  Pstabilizable  with  respect  to  K  if  and  only  if  P  fl  S*  is  nonempty  and 
^-stable  with  respect  to  K. 

Proof:  Assume  that  P  is  f-stabilizable  with  respect  to  K.  Then  there  exists  N  €  Af  and  a 
nonempty  controllable  sublanguage  H  C  P  such  that  H  C  S -N K.  Note  that  P  fl  E*  C  H 
(by  definition  of  maximally  restrictive  control).  Hence  p  n  Si  c  s  *nk.  Thus  P  n  s*  is 
^-stable  with  respect  to  K. 

Next  assume  that  P  fl  E*  is  nonempty  and  ^-stable  with  respect  to  K.  Since  P  fl  S*  is 
controllable,  it  follows  that  P  is  Astabilizable  with  respect  to  K .  □ 

Remark  4.18  Thus  P-stabilizability  of  a  given  language  P  with  respect  to  another  language 
K  can  be  determined  by  testing  whether  P  fl  S*  is  nonempty  and  ^-stable  with  respect  to 
K. 


As  stated  in  Remark  4.13,  the  algorithm  for  testing  ^-stability  of  P  with  respect  K  is  of 
computational  complexity  that  is  exponential  in  the  number  of  states  present  in  SM’s  recogni¬ 
zing  P  and  K.  Hence  so  is  the  complexity  of  the  algorithm  that  tests  the  Pstabilizability  of  P 
with  respect  to  K.  Next  we  present  a  sufficient  condition  for  ^-stability  of  P  with  respect  to  K 
that  can  be  tested  in  polynomial  time.  Let  P  =f  (X,  S,  a,  x0,  Xm)  and  V  =f  (Q.  E,  8,  qo,  Qm) 
be  two  SM’s  recognizing  L  and  K  respectively.  Define  the  following  subset  of  states  Xs  C  X : 

Xs  =  {xeX\Lm(P,x)CK} 

where  Lm(P,x )  is  the  language  recognized  by  P  assuming  its  initial  state  to  be  x  £  X. 

Proposition  4.19  Consider  SM’s  P ,  V  as  defined  above.  If  x0  €  O(Xs),  then  P  is  f-stable 
with  respect  to  K. 
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Proof:  Define  N  =  \X  —  Xs | ;  then  to  prove  ^-stability  of  L  with  respect  to  K ,  we  need  to 
show  that  L  C  T,-NK.  Consider  s  G  L.  If  |s|  <  iV,  then  clearly  s  G  £-lVAL  So  let  s  G  L 
be  such  that  |s|  >  N.  Then  it  follows  from  the  definition  of  region  of  strong  attraction  that 
there  exists  a  prefix  us  G  £*,  |us|  <  N,  of  s  such  that  a(us,x0)  G  Xs-  Also,  by  the  definition 
of  Xs,  nK,(s)  G  K,  which  shows  that  s  G  S-A  K.  □ 

Thus  if  x0  is  strongly  attractable  to  a  state  in  Xs,  then  P  after  starting  from  x0  reaches 
a  state  in  Xs  in  at  most  |A  —  X 5 1  transitions,  and  then  onwards  follows  a  string  in  K .  The 
following  algorithm  checks  the  sufficient  condition  of  ^-stability  of  Proposition  4.19: 

Algorithm  4.20 

1.  Determine  the  subset  of  states  Xs  C  X  defined  above. 

2.  Compute  Q(Xs)  using  Algorithm  A.l. 

3.  If  Xo  G  Cl(Xs),  then  L  is  Cstable  with  respect  to  K. 

Let  P,  V  be  the  minimal  SM’s  recognizing  L,K  respectively  and  let  m,n  G  .A/"  be  the 
number  of  states  in  P,  V  respectively.  Then  step  1  of  Algorithm  4.20  can  be  determined  in 
0(m2n)  time,  and  step  2  and  3  can  both  be  determined  in  0(m)  time  (refer  to  Theorem  A.2). 
Hence  the  computational  complexity  of  Algorithm  4.20  is  0(m2n )  which  is  polynomial  in 
m,n.  Note  that  Algorithm  4.20  tests  only  for  the  sufficiency  condition  of  ^-stability.  Hence 
if  the  condition  in  step  3  of  Algorithm  4.20  is  not  satisfied,  ^-stability  of  L  with  respect  to  K 
is  determined  by  testing  conditions  Cl  and  C2  of  Theorem  4.12  as  described  in  Remark  4.13. 
Next  we  present  a  sufficient  condition  for  Cstabilizability  of  L  with  respect  to  K ,  which  can 
also  be  tested  in  polynomial  time. 

Proposition  4.21  Consider  the  SM’s  P,V .  Let  X's  d=  {x  G  X  \  Lm{P,  x)  nS*„C  I<}.  If 
Xo  G  A(A^),  then  L  is  Cstabilizable  with  respect  to  K. 

Proof:  Similar  to  the  proof  of  Proposition  4.19.  □ 

The  following  algorithm  can  be  used  for  testing  the  sufficient  condition  of  Cstabilizability 
of  Proposition  4,21: 

Algorithm  4.22 

1.  Compute  X's  C  X. 

2.  Compute  A.(X'S)  using  the  modification  to  Algorithm  A.l  described  in  Remark  A. 3. 

3.  If  x0  G  l\.(X's),  then  L  is  Cstabilizable  with  respect  to  I\. 

The  computational  complexity  of  Algorithm  4.22  is  also  0(m2n ),  where  m,  n  is  the  num¬ 
ber  of  states  in  P,  V  respectively. 
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5  Weakly  Stabilizing  Supervisors 

In  the  previous  section  we  showed  that  given  a  plant  P  with  physical  behavior  L  C  S* 
and  desired  eventual  behavior  K  C  £*,  it  can  be  verified  whether  or  not  L  is  ^-stable  or  t- 
stabilizable  with  respect  to  K.  In  case  L  is  ^-stable  with  respect  to  K ,  the  eventual  behavior 
of  P  is  contained  in  K;  hence  no  supervisor  is  needed.  If  L  is  not  ^-stable  but  is  Astabilizable 
with  respect  to  K ,  then  a  supervisor  must  be  constructed  to  insure  that  the  eventual  closed 
loop  behavior  of  the  system  is  a  sublanguage  of  K.  The  Astabilizability  of  L  guarantees  the 
existence  of  a  stabilizing  supervisor,  but  a  minimally  restrictive  stabilizing  supervisor  need 
not  in  general  exist.  This  is  evident  from  the  following  proposition: 

Proposition  5.1  ^-stability  is  not  preserved  under  union. 

Proof:  We  show  by  the  following  example  that  Astabilizability  is  not  preserved  under  union. 
Let  £  =  £c  =  {a, 5},  L  =  a*b*  denote  the  plant  behavior  and  K  =  b *  denote  the  desired 
eventual  behavior.  Then  there  does  not  exist  any  integer  N  €  Af  such  that  L  C  £-Nif,  i.e. 
L  is  not  Astable  with  respect  to  K. 

Next  consider  the  following  family  of  sublanguages  {L,-}t-€.y  of  L  with  Li  =  alb*  for  each 
i  €  A f.  Then  it  is  clear  that  for  each  i  €  J\f,  Li  is  controllable  (since  £c  —  £)  and  also 
Astable  (since  Li  C  £-'/L)  sublanguage  of  L.  But  Uietf  Li  =  L  is  not  testable  with  respect 
to  K\  thus  showing  that  ^-stability  is  not  preserved  under  union.  □ 

The  implication  of  Proposition  5.1  is  that  if  the  plant  behavior  L  is  not  Astable  with  res¬ 
pect  to  the  desired  eventual  behavior  K ,  then  the  minimally  restrictive  stabilizing  supervisor, 
which  will  restrict  the  plant  behavior  to  the  supremal  Astable  sublanguage  of  L,  cannot  in 
general  be  constructed.  Next  we  define  a  weaker  notion  of  language  stability  that  we  call 
weak  t- stability  which  is  preserved  under  union  so  that  the  minimally  restrictive  stabilizing 
supervisor  can  be  constructed. 

Definition  5.2  A  language  L  C  £*  is  said  to  be  weakly  i-stable  with  respect  to  another 
language  K  C  £*  if  L  C  £*/\ .  If  there  exists  a  nonempty  controllable  sublanguage  H  C  L 
such  that  H  is  weakly  ^-stable  with  respect  to  K ,  then  L  is  said  to  be  weakly  i-stabilizable 
with  respect  to  K. 

Thus  if  L  is  weakly  ^-stable  with  respect  to  K,  then  every  string  in  L  after  removing  a 
prefix  from  it,  matches  some  string  in  K.  Notice  that  here  no  uniform  bound  on  the  size  of 
prefix  to  be  removed  from  a  string  in  L  is  assumed. 

Remark  5.3  Since  £-A  C  £*  for  any  N  €  W,  it  follows  that  ^-stability  implies  weak  i- 
stability.  However,  the  converse  does  not  hold  in  general.  Consider  for  example  the  languages 
L  =  a*b *  and  K  —  6*  defined  over  the  event  set  £  =  {a,  b}.  Then  as  stated  in  the  proof  of 
Proposition  5.1,  L  is  not  ^-stable  with  respect  to  K.  But  clearly  L  is  weakly  ^-stable  with 
respect  to  AT,  for  a*b*  C  £*6*. 

The  following  result  analogous  to  that  stated  in  Theorem  4.17  holds  also  for  weak  l- 
stabilizability. 
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Theorem  5.4  L  is  weakly  Astabilizable  with  respect  to  K  if  and  only  if  LOT,*  is  nonempty 
and  weakly  Astable  respect  to  K. 

Proof:  Similar  to  the  proof  of  Theorem  4.17.  □ 

Next  we  discuss  how  to  verify  weak  Astability  and  weak  Astabilizability  of  a  given  plant 
behavior  with  respect  to  its  desired  eventual  behavior.  Let  P  =  (X,  S,  a,  xo,  Xm),  V  = 
(Q,  S,  6,  qo,  Qm)  be  the  minimal  SM’s  recognizing  the  languages  L,  I\  respectively.  Assuming 
that  the  languages  A,  I\  are  regular,  let  m,  n  be  the  number  of  states  in  P,  V  respectively.  A 
SM  that  recognizes  S*/\  is  constructed  by  first  adding  the  self-loop  corresponding  to  E*  at 
the  initial  state  of  V  and  then  converting  it  to  a  deterministic  SM.  Let  this  SM  be  denoted 
by  V'\  then  the  number  of  states  in  V'  is  2n. 

Remark  5.5  The  weak  Astability  of  L  with  respect  to  K  can  be  verified  by  determining 
whether  Lm(P)  C  Lm(V').  Since  the  number  of  states  in  P,V'  is  m, 2n  respectively,  the 
computational  complexity  of  verifying  weak  ^-stability  of  L  with  respect  to  I\  is  0(m2n). 
It  also  follows,  in  view  of  Theorem  5.4,  that  the  computational  complexity  of  testing  weak 
Astabilizability  of  L  with  respect  to  K  is  again  Q(m2n). 

Since  Astability  (Astabilizability)  implies  weak  Astability  (weak  Astabilizability),  the 
condition  in  Proposition  4.19  (Proposition  4.21)  is  sufficient  for  weak  Astability  (weak  A 
stabilizability).  Thus  Algorithm  4.20  (Algorithm  4.22)  can  be  employed  to  test  this  sufficient 
condition  for  weak  Astability  (weak  Astabilizability),  the  computational  complexity  of  which 
is  polynomial  in  m,n. 

Next  we  prove  that  weak  Astability  is  preserved  under  union,  i.e.  the  supremal  weakly 
Astable  sublanguage  of  a  given  language  exists. 

Proposition  5.6  The  supremal  weakly  Astable  sublanguage  of  a  given  language  exists  and 
is  unique. 

Proof:  Let  L ,  K  denote  the  plant,  desired  eventual  behavior  respectively.  Let  A  be  an 
indexing  set  such  that  the  family  of  weakly  Astable  sublanguages  of  L  is  given  by  {A,\}aga, 
i.e.  L\  is  weakly  Astable  sublanguage  of  L  for  each  A  E  A.  Such  a  family  is  nonempty 
because  0  is  weakly  Astable  sublanguage  of  L.  Consider  the  language  H  U.\eA  A\;  then 
clearly  H  C  L  and  H  is  weakly  Astable.  The  last  assertion  follows  from  the  fact  that 
L\  C  YPK  for  each  A  E  A  which  implies  that  Uaca  =  H  C  E *K.  This  completes  the 
proof  of  Proposition  5.6.  D 

Corollary  5.7  The  supremal  controllable  and  weakly  Astable  sublanguage  of  a  given  lan¬ 
guage  exists  and  is  unique. 

Proof:  Follows  from  Proposition  5.6  and  the  fact  that  controllability  is  preserved  under 
union  [21,  20].  d 

We  proved  the  existence  and  uniqueness  of  the  supremal  controllable  and  weakly  Astable 
sublanguage  of  a  given  language.  Next  we  present  a  closed  form  expression  for  it.  We  use  the 
notation  H 1  to  denote  the  supremal  controllable  sublanguage  of  a  given  language  H  C  E* 
[20,  1,  10]. 
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Theorem  5.8  Let  A,  K  C  E*  denote  the  plant,  desired  eventual  behavior  respectively.  Then 
the  supremal  controllable  and  weakly  /-stable  sublanguage  of  A  is  given  by  (A.fl  E*A')h 

Proof:  Let  H  C  E*  denote  the  supremal  controllable  and  weakly  /-stable  sublanguage  of  A 
with  respect  to  K.  Then  we  need  to  show  that  H  =  (A  Pi  S*Ar)h 

First  we  show  that  ( A  fl  £*A)^  C  H.  Since  H  is  the  supremal  controllable  and  weakly 
/-stable  sublanguage  of  A,  it  suffices  to  show  that  ( A  H  £*A')^  is  a  controllable  and  weakly 
/-stable  sublanguage  of  A.  By  its  definition,  ( A  fl  T,*Kfi  is  a  controllable  sublanguage  of  A. 
Also,  since  ( A  Pi  E*iL)T  C  A  fl  E*/A  C  S* K ,  it  follows  that  ( A  fl  is  weakly  /-stable 

with  respect  to  K.  Thus  ( A  fl  S*A')1  is  a  controllable  and  weakly  /-stable  sublanguage  of  A. 

Next  we  prove  that  H  C  (AnS*/l  )T.  Since  H  is  weakly  /-stable,  it  follows  that  H  C  E*A"; 
also,  H  C  A,  hence  H  C  L  fl  E*AL  Note  that  H  is  controllable  also.  Thus  H  is  controllable 
and  is  contained  in  L  fl  E*AL  Since  ( L  fl  E*A')T  is  the  supremal  controllable  sublanguage 
contained  in  A  fl  E*A',  it  follows  that  H  C  (A  n  S*A')L  □ 

Thus  if  A  is  not  /-stable  with  respect  to  K ,  but  is  weakly  Z-stabilizable  with  respect  to  K, 
then  a  minimally  restrictive  stabilizing  supervisor  can  be  constructed  so  that  the  behavior 
of  the  closed  loop  system  is  given  by  (A  fl  E*A)h  Note  that  the  result  of  Theorem  5.8  is 
not  surprising,  as  we  are  interested  in  finding  the  supremal  sublanguage  AT  C  A  such  that 
H  is  weakly  stable,  i.e.  H  C  S*A  and  H  is  controllable.  Since  H  C  A  and  AT  C  E*A, 
it  follows  that  H  C  A  fl  E*A\  Thus  we  are  interested  in  finding  the  supremal  controllable 
sublanguage  H  C  A  fl  E*Af,  which  obviously  equals  (A  fl  S*/L)h  This,  however,  offers  an 
alternative  interpretation  of  minimally  restrictive  weakly  stabilizing  supervisors:  problem 
of  finding  the  minimally  restrictive  weakly  stabilizing  supervisor  for  a  plant  with  behavior 
A  and  desired  eventual  behavior  K  is  equivalent  to  the  problem  of  finding  the  minimally 
restrictive  supervisor  for  the  same  plant  with  desired  behavior  A  fl  S *K.  Hence  techniques 
developed  in  [21,  20,  1,  11]  etc.  can  be  used  to  solve  the  problem. 


6  Stability  of  Sequential  Behavior 

So  far  we  have  discussed  the  stability  of  the  finite  behavior  of  a  DEDS.  We  will  show 
how  the  notions  of  /-stability  and  /-stabilizability  defined  above  can  be  easily  generalized 
to  describe  the  stability  of  infinite  or  sequential  behaviors  of  DEDS’s.  In  this  section,  we 
introduce  the  notion  of  u-stability  for  formally  describing  the  the  notion  of  eventual  sequential 
behavior. 

In  [19,  22,  13,  12,  23]  the  supervisory  control  problem  for  controlling  the  sequential  be¬ 
havior  of  a  DEDS  is  studied,  and  conditions  under  which  a  supervisor  can  be  constructed 
so  that  the  sequential  behavior  of  the  controlled  system  is  equal  to  some  desired  sequen¬ 
tial  behavior  are  obtained.  As  discussed  above,  such  a  control  problem  formulation  may 
lead  to  synthesis  of  a  very  restrictive  supervisor.  In  some  cases,  it  might  suffice  to  design 
a  supervisor  which  would  ensure  that  the  sequential  behavior  of  the  controlled  system  is 
eventually  contained  in  the  desired  sequential  behavior.  So  we  introduce  the  notion  of  the 
desired  eventual  sequential  behavior  and  obtain  conditions  under  which  the  plant’s  sequen- 
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tial  behavior  is  eventually  contained  in  this  sequential  behavior.  We  follow  the  framework 
of  [19]  for  addressing  the  supervisory  control  problem  of  sequential  behavior. 

Let  £w  denote  the  set  of  all  infinite  strings  of  events  belonging  to  E.  An  infinite  or 
u> -language  is  a  sublanguage  of  £A  Let  e”  £  E*  denote  the  prefix  of  size  n  of  the  infinite 
string  e  £  SA  A  suitable  metric  can  be  defined  on  the  space  E^  [7].  Given  two  infinite 
strings  ei,e2  £  £A  the  distance  d(ei,e2)  between  the  two  infinite  strings  is  defined  to  be: 


d(ei,e2)  =f 


l/(n  +  1)  if  e”  =  e\  and  e 
0  if  e\  —  e2 


ft  +  1 

1 


/  e"+1  (n  £  AO 


Given  a  language  ICE*,  its  limit ,  denoted  as  L°°,  is  the  ^-language  defined  as: 

en  £  L  for  infinitely  many  n  £  A”} 


Loo  4ef  |e  €  Su 


We  will  use  t  <  s  to  denote  that  t  £  E*  is  a  prefix  of  s  £  S*  U  SA  If  t  is  a  proper  prefix  of 
s,  then  it  is  written  as  t  <  s.  Given  an  infinite  sequence  of  strings  Si  <  s2  <  •  •  •  <  sn  <  •  •  • 
with  £  E*  for  each  n,  there  exists  a  unique  infinite  string  e  £  S'-1'  such  that  sn  <  e  for  each 


n.  In  this  case,  the  infinite  string  e  is  also  written  as  e 
£  C  Ew ,  its  prefix ,  denoted  by  pr£,  is  the  language: 


lim- 


■n— *■  oo  °n 


sn.  Given  an  w-language 


prC  =f  {s  £  S*  ]  3e  £  C  s.t.  s  <  e} 

Note  that  prC  =  pr£,  where  C  denotes  the  topological  closure3  of  C  in  the  metric  space 
(SA  d)  [7].  It  can  be  proved  [7]  that  for  a  u,’-language  C  C 

(pr£)°°  =  £ 

With  the  above  preliminary  notions  we  can  address  the  issue  of  stability  of  the  infinite 
behavior  of  a  given  DEDS.  Let  P  =  (A,  E,  a,  xq,  Xm)  denote  the  plant.  Then  as  defined 
above,  Lm(P),L{P)  C  E*  denote  its  (finite)  marked,  generated  languages  respectively.  The 
w-language  generated  by  P,  denoted  by  £{P),  is  defined -to  be: 

£[P)  =f  {e  £  ( L(P ))°°  |  3  infinitely  many  n  £  M  s.t.  a(en,x0)  £  Am}  =  (L^P))™ 

Note  that  the  cj-language  £{P )  generated  by  P  as  defined  above  is  also  the  ^-language 
generated  by  P  viewed  as  a  Biichi  automaton  [7].  P  is  said  to  nonblocking  if  pr£(P)  —  L(P). 
Let  S  =  (Y,  S,  /3,  yo,  Ym)  denote  the  supervisor  that  controls  P  by  synchronization  as  defined 
above.  Then  the  ^-language  generated  by  the  closed  loop  system  POS  is  defined  to  be: 

£{PDS)  =  (L(PoS))°°  fl  £{P) 

Let  /C  C  £(P)  be  the  desired  u-language.  It  is  shown  in  [19]  that  a  complete,  nonblocking 
supervisor  exists  for  achieving  the  desired  sequential  behavior  if  and  only  if  JC  is  u- controllable 
with  respect  to  P. 


3The  notation  C  is  used  to  denote  topological  closure  whenever  C  C  ,  and  the  notation  L  is  used  to 
denote  the  prefix  closure  whenever  L  C  S*. 
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Definition  6.1  An  w-language  K  C  IP  is  said  to  be  w- controllable  with  respect  to  the  plant 
P  if  prlC  is  controllable  with  respect  to  P,  and  1C  is  topologically  closed  with  respect  to  C{P); 
i.  e. 

1.  pr(fC)Su  D  L(P)  C  prlC,  and 

2.  lcr\C{P)  =  )C. 

It  is  further  shown  in  [19]  that  if  1C  is  not  ^-controllable,  but  is  topologically  closed  with 
respect  to  C(P),  then  the  supremal  u -controllable  sublanguage,  denoted  by  K\oiK  exists4. 
Thus  the  construction  of  the  minimally  restrictive  supervisor  is  possible.  A  closed  form 
expression  for  the  supremal  w-controllable  sublanguage,  as  well  as  an  efficient  algorithm  for 
computing  it,  is  presented  in  [13,  12]. 

Next,  let  1C  C  IP  represent  the  desired  eventual  sequential  behavior  of  the  plant  P  = 
(A-,  S,  a,  xq,  Xm).  The  notion  of  ^-stability  is  defined  as  follows: 

Definition  6.2  The  plant  sequential  behavior  C(P)  is  said  to  be  ui-stable  with  respect  to 
the  desired  eventual  sequential  behavior  1C  if  there  exists  an  integer  N  £  Af  such  that 
£{P)  C  S<NK.  C(P)  is  said  to  be  u-stabilizable  with  respect  to  K,  if  there  exists  a  nonempty 
^-controllable  sublanguage  H  C  C(P)  such  that  H  is  unstable  with  respect  to  1C. 

Let  e  £  be  infinite  string  and  for  each  n  £  A/*,  let  fn  £  IP  be  such  that  e  =  enfn. 
Then  the  projection  operator  IIn  :  IP  — *•  IP  (n  £  J\f)  is  defined  in  the  following  manner: 

rye)  =  fn 

In  other  words,  given  a  infinite  string  e  £  IP,  its  projection  IIn(e)  is  obtained  by  deleting  its 
prefix  of  size  n  from  it.  Thus  if  C(P)  is  w-stable  with  respect  to  1C,  then  for  each  e  £  C(P) 
there  exists  an  integer  ne  <  N  such  that  II„e(e)  £  1C.  In  other  words,  each  infinite  string 
in  C(P)  after  removing  a  prefix  of  size  at  most  N  matches  a  infinite  string  in  1C.  The 
w-language  1C  thus  can  be  thought  of  to  be  representing  the  desired  eventual  sequential 
behavior.  If  C(P)  is  not  w-stable  but  cu-stabilizable  with  respect  to  1C,  then  there  exists  a 
nonempty  ^-controllable  sublanguage  H  C  C{P)  which  is  w-stable  with  respect  to  1C  also. 
Thus  a  nonblocking  and  complete  [19]  supervisor,  that  can  restrict  the  sequential  behavior 
of  the  plant  to  H  which  “stabilizes”  to  the  desired  eventual  sequential  behavior  K,  can  be 
constructed. 

6.1  Tests  for  u;-st ability  and  u>stabilizability 

In  this  subsection  we  show  that  under  certain  assumptions  w-stability  can  be  tested  by 
performing  the  test  for  ^-stability.  First  we  define  the  notion  of  complete  languages  which  is 
useful  in  the  context  of  studying  the  stability  of  infinite  behaviors. 

4The  notation  &  is  used  to  denote  the  supremal  w-controllable  sublanguage  of  1C  C  ,  and  the  notation 
K  t  is  used  to  denote  the  supremal  controllable  sublanguage  of  K  C  E*. 
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Definition  6.3  Consider  a  language  A  C  S*.  A  string  s  £  A  is  said  to  have  an  extension  in 
A  if  there  exists  a  t  £  A  such  that  s  <  t.  A  is  said  to  be  complete 5  if  for  every  string  s  £  A, 
there  exists  an  extension  in  A. 

Note  that  a  language  is  complete  if  and  only  if  a  trim  SM  recognizing  it  is  live  (has  at 
least  one  transition  defined  at  each  of  its  states)  [13].  First  we  show  that  ^-stability  of  a 
given  language  with  respect  to  another  implies  ^-stability  of  the  limit  of  the  given  language 
with  respect  to  the  limit  of  the  other. 

Theorem  6.4  Consider  A,  I\  C  E*.  If  A  is  Astable  with  respect  to  A",  then  L°°  is  unstable 
with  respect  to  K°°. 

We  prove  the  following  lemma  before  proving  the  result  of  Theorem  6.4. 

Lemma  6.5  Consider  A  C  E*.  Then  for  any  N  €  W,  (S ^NL)°°  =  N L°° . 

Proof:  First  we  show  that  E-¥A°°  C  (E -NL)°°.  Pick  e  £  S -N  L°°.  Then  e  can  be  written 
as  e  =  en/,  where  n  <  N  and  f  £  A°° .  Thus  there  exist  infinitely  many  m  £  J\f  such  that 
fm  £  A.  Then  the  strings  enfm  £  S -N  L  for  each  m  £  M .  Hence  limm_oo  enfm  £  (E -N  L)°° . 
Also,  since  e”/1  <  en f2  <  ...  <  en fm  <  . . .  <  e,  it  follows  that  limm_oo  enfm  =  e:  which 
shows  that  e  £  (E-jVA)°°. 

Next  we  show  that  (E -N L)°°  C  E -N L°°.  Pick  e  £  (E -N L)°° .  Then  there  exist  infinitely 
many  n  €  M  such  that  en  €  S -NL.  Thus  each  en  can  be  written  as  en  =  unvn,  where 
un  £  E -N  and  vn  £  A.  Since  the  set  E-'V  is  finite,  it  follows  that  there  exists  at  least  one 
integer  no  €  M  such  that  uno  =  un  for  infinitely  many  n.  Let  {nk}k^  be  a  subsequence 
such  that  uni  —  un2  =  ...  =  unk  =  ...  —  uno.  Then  enk  =  unovnk  for  each  k  £  j\T.  Hence 
e  =  lim^^oo  enk  =  uno  limfc-,00  vnk.  Since  uno  £  S-A  and  vnk  £  L  for  each  k  £  ,\f ,  it  follows 
that  e  £  E ^NL°°.  □ 

Proof  (of  Theorem  6.4):  Since  L  is  Astable  with  respect  to  I\ ,  there  exists  an  integer 
N  £  j\f  such  that  L  C  E -N K.  Hence,  by  taking  limits  on  both  sides  of  the  last  inclusion,  we 
obtain  A°°  C  (S -N K)°°.  It  then  follows  from  Lemma  6.5  that  A°°  C  E-'^A'00;  which  shows 
that  A°°  is  u;-stable  with  respect  to  K°°.  □ 

Example  6.6  Consider  languages  A,  AT  of  Example  4.5.  Then  A,x>  =  (( ab)*cdk)w  —  ( ab)*cdw 
and  (AT)00  =  (d*  +  bab(ab)*cd*)°°  =  (k°  +  bab{abYcdw .  Using  arguments  similar  to  those  in 
Example  4.5  it  can  be  easily  verified  that  L°°  C  E-3(AT)°°.  This  shows  as  expected  from 
the  result  of  Theorem  6.4  that  L°°  is  a;-stable  with  respect  to  (AT)00.  However,  the  converse 
of  Theorem  6.4  does  not  hold  in  general.  Consider  for  example  languages  A,  K  C  {a,  6}*: 
A  =  (ab)*  and  K  —  ( ba)star .  Then  A°°  =  (aby  and  K°°  =  [bay  =  (ab)w.  Since  ( aby  = 
a(ba,y,  it  is  obvious  that  A°°  is  aj-stable  with  respect  to  K°°  (L°°  =  aK°°).  It  can  also  be 
easily  checked  that  A  is  not  Astable  with  respect  to  I\:  a  string  in  A  ends  with  the  symbol 
b ,  whereas  a  string  in  I\  ends  with  the  symbol  a.  Thus  given  any  string  in  A,  no  suffix  of  it 
matches  any  string  in  I\ . 

Completeness  is  also  defined  to  be  a  property  of  supervisors;  here  we  define  it  to  be  a  property  of 
languages.  The  two  definitions  are  unrelated  and  not  to  be  confused  with. 
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Next  we  prove  that  under  certain  assumptions  the  converse  of  Theorem  6.4  holds. 

Theorem  6.7  Consider  L,  K  C  £*.  Assume  that  L  is  complete  and  I\  is  prefix  closed. 
Then  cu-stability  of  L°°  with  respect  to  K°°  implies  ^-stability  of  L  with  respect  to  K. 

Before  proving  the  result  of  Theorem  6.7,  we  prove  the  following  lemma. 

Lemma  6.8  Consider  two  languages  L\,L2  5-7  £*.  Assume  that  L\  is  complete  and  L2  is 
closed.  Then  (Iu)°°  <7  (L2)00  if  and  only  if  Lx  C  L2. 

Proof:  It  is  clear  that  Lx  C  L2  implies  Lf1  C  L Hence  it  suffices  to  show  that  if 
( Li)°°  C  (L2r,  then  L\  C  L2.  Pick  s  €  L\.  Since  L\  is  complete,  there  exists  a  sequence 
of  strings  si  <  S2  <  . . .  <  sn  <  . . .  such  that  sn  G  L\  for  each  n  G  M  and  s  <  s\.  Let 
e  =  lim^^eo  sn;  then  e  G  (Li)°°.  It  then  follows  from  the  assumption  that  e  G  (£2)°°-  Hence 
there  exist  infinitely  many  n  G  M  such  that  en  G  L2.  Pick  m  G  Af  such  that  s  <  em.  Since 
em  G  L2  and  L2  is  closed,  it  follows  that  s  G  L2.  P 

Proof  (of  Theorem  6.7):  Assume  that  L°°  is  unstable  with  respect  to  K°°.  Then  there 
exists  an  integer  N  G  Af  such  that  L°°  C  T,-N K°°.  Thus  it  follows  from  Lemma  6.5  that 
L°°  C  (L-^Ji)00.  Note  that  since  S—  N  is  closed,  and  prefix  closure  is  preserved  under 
concatenation  of  languages  Y,-N K  is  a  closed  language  (by  assumption  K  is  closed).  Since 
L  is  complete  (by  assumption)  and  S ~N K  is  closed,  we  obtain  from  Lemma  6.S  that  L°°  C 
(E* nK)°°  if  and  only  if  L  C  T,-NK.  □ 

Example  6.9  Consider  the  languages  L  =  ( ab )*  and  K  =  ( ba )*  of  Example  6.6.  It  was 
noted  in  Example  6.6  that  L°°  is  w-stable  with  respect  to  however,  L  is  not  L-stable 
with  respect  to  K.  The  reason  is  that  although  L  is  a  complete  language,  K  is  not  prefix 
closed.  Let  us  replace  K  by  its  prefix  closure,  i.e.  consider  K'  =  K  =  (ba)*  =  (6a)*  +  6(a6)*. 
Then  clearly  L  is  Astable  with  respect  to  K'  (L  =  (ab)*  =  a6-f  ab(ab)*  C  T,-2K'). 

The  results  of  Theorem  6.4  and  Theorem  6.7  can  be  combined  to  arrive  at  a  test  for 
ca-stability  based  on  the  test  for  f-stability  (Theorem  4.12). 

Theorem  6.10  Let  C(P)  —  (Lm(P))°°  C  denote  the  plant  cu-behavior  and  1C  C 
denote  the  desired  eventual  behavior.  If  P  is  live  and  K  is  topologically  closed,  then  C(P) 
is  w-stable  with  respect  to  1C  if  and  only  if  Lm(P)  is  Astabe  with  respect  to  prlC. 

Proof:  Since  P  is  live,  Lm(P)  is  complete.  Also,  since  1C  is  topologically  closed,  K  —  1C  = 
(prlC)00.  Thus  C(P)  is  limit  of  the  complete  language  Lm(P)  and  1C  is  limit  of  the  prefix 
closed  language  prlC.  Hence  it  follows  from  Theorem  6.4  and  Theorem  6.7  that  C(P)  is 
w-stable  with  respect  to  1C  if  and  only  if  Lm(P)  is  f-stable  with  respect  to  prlC.  □ 

Next  we  relate  the  notion  of  ca-stabilizability  to  that  of  ca-stability  through  the  following 
theorem. 

Theorem  6.11  C(P)  is  u;-stabilizable  with  respect  to  K,  if  and  only  if  C(P)nP“  is  nonempty 
and  ca-stable  with  respect  to  A7,  where  £"  =  (S*)°°. 
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Proof:  We  first  show  that  C(p)  P  77“  is  the  infimal  ^-controllable  sublanguage  of  £(P), 
i.e.  it  is  the  sequential  behavior  of  P  under  the  control  of  maximally  restrictive  complete 
and  nonblocking  supervisor  [19].  Consider  the  supervisor  that  disables  all  the  controllable 
events  in  P.  Then  the  behavior  of  the  closed  loop  system  under  this  control  law  is  given 
by  L(P)  fl  E*.  Hence  the  sequential  behavior  of  the  closed  loop  system  is  given  by  (L(P)  fl 
S*)°°  P£(P)  =  (P(P))°°  fl  (77*)°°  D  £(P)  —  £(P)  n  77“ ,  where  the  first  equality  follows  from 
the  fact  that  P(P),S*  are  both  closed  languages  and  the  second  equality  follows  from  the 
fact  that  £(P)  C  (P(P))°°  and  (£*)°°  =  S“.  Note  that  the  supervisor  that  disables  all  the 
controllable  transitions  in  P  is  complete  (it  never  disables  any  uncontrollable  transition)  and 
nonblocking  (since  pr(C(P )  fl  77“ )  =  L(P)  fl  17*).  Hence  C(P)  fl  77“  1S  ^-controllable  [19]. 
Since  it  is  the  sequential  behavior  under  the  maximally  restrictive  complete  and  nonblocking 
control  law,  if  7i  C  C(P)  is  any  uncontrollable  sublanguage  of  £(P),  then  C(P)  Pi  77“  C  Pi. 

Assume  then  that  C(P)  is  unstabilizable  with  respect  to  A7.  Then  by  the  definition  of  a 
stabilizability,  there  exists  a  nonempty  uncontrollable  sublanguage  H  C  C(P)  and  an  integer 
N  €  Ar  such  that  H  C  77-iVAC.  Since  C(P)  n  77“  C  H,  it  follows  that  £(P)  n  77“  C  77^/C; 
which  shows  that  £(P)  P  77“  is  unstable  with  respect  to  A7. 

Assume  next  that  £(P)  D  77“  is  nonempty  and  unstable  with  respect  to  AC.  Since  £(P)  fl 
77“  C  £(P)  am.  is  uncontrollable  (proved  above),  it  follows  that  £(P)  is  unstabilizable  with 
respect  to  1C.  □ 

Remark  6.12  Note  that  £(P)P77“  =  (Lm(P))°°  fl  (77*)°°  =  (Lm(P)  P  77*)°°,  where  the  last 
equality  follows  from  the  fact  that  £*  is  prefix  closed.  Thus,  if  P  is  live  and  1C  is  topologically 
closed,  then  from  Theorem  6.10  and  Theorem  4.17  it  follows  that  the  unstabilizability  of  £(P) 
with  respect  to  AC  is  equivalent  to  f-stabilizability  of  Lm(P)  with  respect  to  prlC. 

Remark  6.13  A  necessary  condition  for  w-stability  is  obtained  using  an  equivalence  relation 
on  the  space  E“  introduced  in  Appendix  B.  It  is  also  shown  in  Appendix  B  that  if  a  weaker 
definition  of  cu-stability  is  used  the  necessary  condition  obtained  in  terms  of  the  equivalence 
relation  is  also  a  sufficient  condition. 


7  Conclusion 

In  this  paper,  we  have  introduced  the  notions  of  stability  and  stabilizability  of  DEDS’s 
in  terms  of  their  behavior.  In  many  situations,  since  the  behavior  rather  than  the  states  of 
the  system  is  observed  directly,  it  is  more  natural  to  study  the  stability  of  systems  in  terms 
of  their  behavior.  Also,  in  some  cases,  it  might  be  desired  that  the  eventual  (rather  than 
the  whole)  behavior  of  the  system  be  legal,  so  it  is  necessary  to  define  formally  the  notion 
of  language  stability.  Earlier  works  concerning  stability  of  DEDS’s  [18,  2,  3]  are  all  based  in 
terms  of  the  states  of  the  systems  and  can  be  viewed  as  a  special  case  of  the  work  presented 
here  (refer  to  Proposition  4.4).  The  earlier  works  [18,  2,  3]  on  stability  in  terms  of  states 
assume  the  control  to  be  of  static  feedback  type;  however,  more  general  supervisors  that 
exercise  dynamic  feedback  have  been  used  here  for  making  the  systems  Pst  able. 
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We  have  shown  that  the  problem  of  determining  ^-stability  (7-stabilizability)  of  a  given 
language  with  respect  to  another  language  is  equivalent  to  another  problem  posed  in  terms 
of  the  reversal  of  languages  (refer  to  Corollary  4.10)  and  have  provided  a  solution  to  this 
equivalent  problem  (refer  to  Theorem  4.12  and  Theorem  4.17).  We  have  also  provided  an 
upper  bound  to  the  value  of  the  integer  N  in  the  definition  of  ^-stability  (Cstabilizability) 
using  the  solution  to  the  equivalent  problem  (refer  to  Corollary  4.10).  Next  we  have  presented 
a  weaker  notion  of  language  stability  in  which  no  uniform  upper  bound  on  the  length  of  the 
prefix  to  be  removed  from  a  string  in  a  language  (for  it  to  ^-stable  with  respect  to  another 
language)  exists  and  have  provided  the  construction  of  the  minimally  restrictive  supervisor 
[10,  21,  20,  11]  to  ^-stabilize  a  given  language  in  this  weaker  sense  of  language  stability. 

The  notion  of  ^-stability  and  Gstabilizability  is  then  generalized  to  describe  the  notion  of 
stability  of  sequential  behavior  of  DEDS’s  and  the  notions  of  ^-stability  and  w-stabilizability 
is  introduced  in  this  context.  We  have  introduced  an  equivalence  relation  on  the  space  of 
infinite  strings  and  have  obtained  a  necessary  condition  of  testability  in  terms  of  this  relation. 
A  necessary  and  sufficient  condition  for  co-stability  is  obtained  in  terms  of  ^-stability,  which 
is  used  to  arrive  at  tests  for  co-stability  and  co-stabilizability. 
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/S.  A. 

A  Algorithm  for  constructing  )  and  A(X ) 

As  before,  let  P  =f  (Y,  S  ,  a,xo,  Xm)  be  the  plant  and  X  C  X  be  the  set  of  legal  states. 
The  following  algorithm  can  be  used  to  compute  fl(Y)  (we  assume  that  the  plant  P  has 
finite  number  of  states  so  that  the  algorithm  terminates  in  finite  number  of  steps): 

Algorithm  A,  1 

1.  Initiation  step: 

Set  0_!(Y)  =  0, 00(Y)  =  X,  and  k  =  0. 

2.  Iteration  step: 

(a)  Let  Xk  Q  X  be  the  set  of  states  from  which  fR(Y)  —  Uk-i{X)  can  be  reached  in 
a  single  transition,  i.  e. 

Xk  =  {x  e  X  |  3<r  €  S  s.t.  a(a,x)  €  fR(Y)  -  fifc-i^Y)} 

Determine  the  set  Xk  by  considering  the  SM  P~l  =f  (Y,  S,  a-1,  x0,  Ym),  where 
a~l(cr,x2)  =f  {xi  e  X  [  a(a,X\)  =  ( P  1  is  the  SM  obtained  by  reversing 

all  the  transitions  of  P),  and  by  finding  the  states  that  can  be  reached  from 
Ofc(Y)  —  ft*_i(Y)  by  a  single  transition  in  P~l . 

(b)  Consider  x  €  Xk.  If  all  the  transitions  from  x  lead  to  LR(Y),  then  Ofc+i(Y)  = 
Ofc(Y)  U  {z}.  Repeat  this  for^all  x  €  Xk.  Thus,  if  all  the  transitions  from  a  state 
x  €  Xk  lead  to  states  in  flfc(Y),  then  a;  is  a  strongly  attractable  state,  i.  e. 

fijk-u(Y)  =  fijt(Y)  U  {x  e  Xk  1  a{a,x)  €  II A X)  for  all  <j  €  h(P)(x)} 

where  S (P){x)  C  S  is  the  set  of  all  the  transitions  that  are  defined  in  the  state 
x  €  Y  in  P  and  is  given  by,  S (P)(x)  =  {cr  €  S  |  a(a,x )!}. 

3.  Termination  step: 

If  flk+i(X)  =  fik( X),  then  stop  and  set  0( X)  =  Ofc( Y);  else  set  k  =  k  +  1  and  go  to 
step  2. 
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Theorem  A. 2  Algorithm  A.l  computes  the  region  of  strong  attraction  £l(X)  of  the  set  of 
legal  states  X  C  X. 

Proof:  The  proof  that  the  Algorithm  A.l  computes  X)  is  based  on  the  following  two 
facts: 

Firstly,  the  above  algorithm  computes  Q(A”)  if  in  step  2,  f 2/. (A)  —  ftfc_i(A)  is  replaced 
by  Qk(X)  (for  proof  refer  to  Proposition  2.7  of  [18]). 


Figure  6:  Constructing  region  of  strong  attraction 

Secondly,  at  the  end  of  the  kth  iteration,  to  determine  the  states  that  might  be  strongly 
attractable,  we  just  need  to  consider  the  states  that  have  transitions  leading  into  the  set 
Q,k+i(X)  —  0/c(A')  (rather  than  into  the  set  f!fc+i(A))  in  P,  so  that  the  replacement  as 
described  above  is  justified  (see  Figure  6).  In  other  words,  we  must  show  that  at  the  end 
of  kth  iteration,  if  all  the  transitions  in  £(P)(x)  from  the  state  x  £  X  —  flk+i(X)  lead  to 
the  set  Ofc+1(X),  then  there  exists  a  £  £(#)  such  that  a(cr,x)  £  fl*;+1(A)  —  flfc(A).  To 
show  this,  we  first  partition  £(P)(x)  into  the  set  £i (P)(x)  U  £ z(P){x ),  the  set  £i (P)(x)  of 
transitions  leading  to  fifc(A)  and  the  set  £2(P)(x)  of  transitions  leading  to  Uk+i(X)  —  Qk{X). 
Then  it  is  enough  to  show  that  the  set  £2(x)  is  nonempty.  Assume  that  it  is  empty;  then 
x  £  0(f 'lk(X))  and  therefore  it  belongs  to  the  set  fl^+i(A),  which  is  contradictory  to  the 
fact  that  x  £  X  —  $lk+i{X).  This  proves  the  second  claim.  □ 

Remark  A. 3  In  order  to  determine  the  region  of  weak  attraction  A  (A)  of  A,  we  replace 
step  2(b)  in  the  iteration  step  of  the  previous  algorithm  by  the  following  step  2(6'): 

2(6')  Consider  x  £  A*.  If  all  the  uncontrollable  transitions  from  x  lead  to  flk(  A),  then 

nk+1(X)  =  nk(X)u{x},ie. 

fifc+i(A)  =  flk{ A)  U  {x  £  Ajt  |  a{cr,x)  £  Q&( A)  for  all  a  £  £U(P)(: r)}. 
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where  Ett(P)(ar)  =  S(P)(ar)  fl  Eu. 

This  can  be  tested  by  considering  the  transitions  in  P  |su  (P  with  all  its  controllable 
transitions  deleted).  Formally,  P  |su  =  (X,  Su,a  ,Xm). 

This  would  result  in  the  construction  of  the  region  of  weak  attraction  A(X)  of  X.  Notice 
that  with  an  abuse  of  notation  we  have  used  Qk{X)  in  the  algorithm  for  determining  A-k(X). 

Theorem  A. 4  The  time  complexity  of  Algorithm  A.l  for  constructing  tt(X)  and  A(X)  is 
0(|S[n),  where  |S|  denotes  the  number  of  events  in  the  event  set  S  and  n  is  the  number  of 
states  in  P. 

Proof:  Assume  that  at  the  end  of  kth  iteration,  the  number  of  transitions  (of  length  one) 
leading  into  the  set  Qk+i{X)  -  ttk(X)  from  X  -  ftfc+1(X).  is  ek.  We  show  that  step  2  of  the 
algorithm  can  be  computed  in  0(ek)  time,  as  follows. 

Firstly,  the  states  in  the  set  Xk  can  be  computed  in  0(ek)  time,  for  in  order  to  determine 
the  states  reachable  from  the  states  in  the  set  Q,k+ i(X)  —  f h(X)  by  a  single  transition  in 
P-1,  we  need  consider  only  the  ek  transitions.  Secondly,  since  there  could  be  at.  most  ek 
such  states,  the  states  in  the  set  Ctk+i(X)  can  also  be  computed  in  0(ek )  time.  This  is  true 
because  to  test  whether  a  state  x  €  Xk  belongs  to  flk+i(X)  requires  only  0(|£|)  time  which 
is  constant. 

Since  the  sets  fl/h+i(X)  —  f lk{X)  for  each  value  of  k  are  all  disjoint,  the  transitions  (of 
length  one)  leading  into  them  from  X  —  Clk+i(X)  are  also  all  disjoint.  Hence  the  computa¬ 
tional  complexity  of  Algorithm  A.l  is  of  order  0(Ylkek)  —  0(e) ,  where  e  is  the  number  of 
transitions  in  P.  Since  P  is  deterministic,  e  <  j£| n,  hence  the  theorem  follows.  Similarly,  the 
complexity  of  the  algorithm  for  determining  A(A)  is  also  0(|S|n).  □ 

This  is  significant  improvement  over  the  computational  complexity  of  the  algorithm  given 
in  [2,  3],  which  is  0(n2).  Notice  that  our  algorithm  requires  the  construction  of  the  SM  P_1 
which  could  be  nondeterministic,  but  has  same  number  of  transitions  as  P. 

The  above  algorithm  can  also  be  used  to  construct  the  prestable  and  prestabilizable  states 
of  a  given  invariant  state  set  as  defined  in  [18].  In  fact,  the  set  of  prestable  states  and  the  set 
of  prestabilizable  states  with  respect  to  a  given  invariant  or  legal  set  of  states  is  the  same  as 
Q(X)  and  A(X)  respectively,  where  X  denotes  the  set  of  invariant  states.  The  computational 
complexity  of  the  algorithms  provided  in  [18]  is  also  quadratic  in  the  number  of  states  of  P. 

B  An  Equivalence  Relation  on  and  u -Stability 

A  necessary  condition  for  ^-stability  of  a  given  ^-language  with  respect  to  another  can  be 
obtained  in  terms  of  an  equivalence  relation  defined  on  the  space  S'A  In  this  appendix  we 
define  this  relation  and  show  its  close  relation  to  the  notion  of  ^-stability. 

Definition  B.l  For  ei,e2  £  FA,  ex  =  e2  if  and  only  if  there  exist  m,n  £  Af  such  that 

nm(ei)  —  nn(e2). 
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Note  that  for  each  n  G  J\f ,  Un  :  E"  -+  E"  is  the  map  such  that  for  e  G  E",  n„(e)  is  the 
infinite  string  obtained  by  removing  the  prefix  of  length  n  from  e. 

Theorem  B.2  The  relation  =  as  defined  is  an  equivalence  relation. 

Proof:  We  need  to  show  that  the  relation  =  is  reflexive,  symmetric  and  transitive. 

It  is  clear  that  for  any  vector  e\  G  E1",  ei  =  ei,  i.e.  =  is  reflexive.  Also,  if  e\  =  e2.  then 
clearly  e2  =  ei  for  any  two  vectors  ei,e2  G  S",  i.e.  =  is  symmetric.  It  remains  to  show  that 
the  relation  =  is  transitive.  Pick  any  ej,e2,e3  G  Sffi  We  will  show  that  t\  =  e2  and  e2  =  e3 
implies  ex  =  e3.  Let  m,n,p,q  G  Af  be  such  that  IIm(ei)  =  n„(e2)  and  n„(e2)  =  IIg(e3).  We 
may  have  either  n  <  p  or  p  <  n.  If  n  <  p ,  then  nm+(p_n)(ei)  -  n,(c3),  i.e.  ei  =  e3;  if  p  <  n, 

then  nm(e1)^n?+(n_p)(e3),  i.e.  ei-e3.  □ 

A  necessary  condition  for  ^-stability  can  be  obtained  using  the  equivalence  relation  de¬ 
fined  above. 

Proposition  B.3  If  plant  sequential  behavior  C(P)  is  co-stable  with  respect  to  the  desired 
eventual  behavior  £,  then  for  each  e  G  £(P),  there  exists  e'  G  K  such  that  e  £  e'. 

Proof.  Assume  C(P)  is  co-stable  with  respect  to  Af,  i.e.  there  exist  N  G  Af  such  that 
£{P)  C  Then  given  e  €  C(P),  there  exists  n  <  N  and  e'  G  JC  such  that  e  =  ene'. 

Thus  IIn(e)  =  e\  i.e.  e  =  e'.  n 

Remark  B.4  Proposition  B.3  gives  a  necessary  condition  for  co-stablity.  This  condition  will 
be  a  necessary  as  well  as  sufficient  condition  if  a  weaker  definition  of  co-stability  is  used.  Let 
the  projection  operator  be  extended  to  the  space  2s"  in  the  obvious  manner,  i.e.  for  anv 
n  G  Af ,  IIn  :  2“  — >  2S“  is  defined  to  be: 

n n(£)  =  {e  G  SP  |  3c'  G  £  s.t .  nn{e')  =  e } 

where  £  C  .  We  use  II*(-)  to  denote  the  operator  The  plant  sequential 

behavior  C(P)  is  said  to  be  weakly  ui-stable  with  respect  to  the  desired  eventual  sequential 
behavior  K  if  C(P)  C  27*77* (Af).  Thus  if  C(P)  is  weakly  co-stable  with  respect  to  JC,  then  for 
every  e  G  C(P)  there  exist  n,m  G  Af  and  e'  G  Af  such  that  n„(e)  =  Um{e').  It  is  clear  that 
co-stability  implies  weak  co-stability.  It  can  easily  be  verified  that  £(P)  is  weakly  co-stable 
with  respect  to  1C  if  and  only  if  given  any  e  G  £(P)  there  exists  e'  G  JC  such  that  e  £  e'. 
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